Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-0090Improper Restriction of Operations within the Bounds of a Memory Buffer in Player

CWE-119Improper Restriction of Operations within the Bounds of a Memory BufferCWE-3995 documents4 sources
Severity
5.0MEDIUMNVD
EPSS
12.5%
top 6.03%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Divx PlayerMicrosoft Internet Explorer
Timeline
PublishedJan 4
Latest updateMay 1

Description

A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDdivx/divx_player6.6.0

🔴Vulnerability Details

1
GHSA
GHSA-9wrj-rmxw-vgxr: A certain ActiveX control in npUpload2022-05-01

💥Exploits & PoCs

2
Exploit-DB
Cisco VPN Client - IPSec Driver Local kernel system pool Corruption (PoC)2008-01-15
Exploit-DB
DivX Player 6.6.0 - ActiveX 'SetPassword()' Denial of Service (PoC)2008-01-02

📋Vendor Advisories

1
Cisco
Cisco VPN Client IPSec Driver Kernel Memory Corruption Vulnerability2008-01-15