Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2007-6402

CWE-119Buffer Overflow4 documents4 sources
Severity
9.3CRITICAL
EPSS
5.7%
top 9.55%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
3ivx Mpeg-4 CodecGuliverkli Media Player Classic
Timeline
PublishedDec 17
Latest updateMay 1

Description

Stack-based buffer overflow in mplayerc.exe in Media Player Classic (MPC) 6.4.9, when used with the 3ivx 4.5.1 or 5.0.1 codec, allows remote attackers to execute arbitrary code via a certain .mp4 file, possibly a related issue to CVE-2007-6401.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages2 packages

NVD3ivx/mpeg-4_codec4.5.1, 5.0.1+1

🔴Vulnerability Details

2
GHSA
GHSA-pvjg-m4rc-ch2c: Stack-based buffer overflow in mplayerc2022-05-01
CVEList
CVE-2007-6402: Stack-based buffer overflow in mplayerc2007-12-17

💥Exploits & PoCs

1
Exploit-DB
Media Player Classic 6.4.9 - '.MP4' File Stack Overflow2007-12-08
CVE-2007-6402 (CRITICAL CVSS 9.3) | Stack-based buffer overflow in mpla | cvebase.io