CVE-2008-0090
published 2008-01-04
CVE-2008-0090: A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long…
Priority P4 · 21 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 22.53% (97.4th percentile)
A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| divx | divx_player | — | — |
| microsoft | internet_explorer | — | — |
CVSS provenance
nvd · v2.0 · 5.0 · MEDIUM · AV:N/AC:L/Au:N/C:N/I:N/A:P
vendor_cisco · 4.9 · MEDIUM
GHSA
GHSA-9wrj-rmxw-vgxr: A certain ActiveX control in npUpload
ghsa_unreviewed·2022-05-01
CVE-2008-0090 [MEDIUM] CWE-119 GHSA-9wrj-rmxw-vgxr: A certain ActiveX control in npUpload
A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method.
Cisco
Cisco VPN Client IPSec Driver Kernel Memory Corruption Vulnerability
vendor_cisco·2008-01-15·CVSS 4.9
CVE-2008-0324 [MEDIUM] CWE-399 Cisco VPN Client IPSec Driver Kernel Memory Corruption Vulnerability
Cisco VPN Client for Windows version 5.0.02.0090 contains a vulnerability that could allow a local attacker to cause the affected system to fail and restart, resulting in a denial of service (DoS) condition.
This vulnerability exists due to invalid memory operations. An attacker could exploit this vulnerability by running a program designed to make malicious requests to the affected application. As a result of processing these requests, the application could corrupt system memory, causing the system to fail and restart, thus denying service to legitimate users.
Proof-of-concept code exists that demonstrates a DoS condition.
Cisco has not confirmed this vulnerability and updates are not available.
An attacker must log on
No detection rules found.
Exploit-DB
Cisco VPN Client - IPSec Driver Local kernel system pool Corruption (PoC)
exploitdb·2008-01-15
CVE-2008-0324 Cisco VPN Client - IPSec Driver Local kernel system pool Corruption (PoC)
---
/* cpndrv-dos.c
*
* Copyright (c) 2008 by
*
* Cisco Systems VPN Client IPSec Driver local kernel system pool corruption POC
* by mu-b - Sat 11 Jan 2008
*
* - Tested on: CVPNDRVA.sys 5.0.02.0090
*
* specifying an input buffer size less-than 8+31-bytes results in the
* local kernel non-paged pool (METHOD_BUFFERED) being corrupted with
* uninitialised (dangling) kernel stack memory via an inline memcpy.
*
* Compile: MinGW + -lntdll
*
* - Private Source Code -DO NOT DISTRIBUTE -
* http://www.digit-labs.org/ -- Digit-Labs 2008!@$!
*/
#include
#include
#include
#include
#define CVPN_IOCTL 0x80002038
#define CVPN_LEN 0x10 /* n \n"
"http://www.digit-labs.org/ -- Digit-Labs 2008!@$!\n\n");
hFile = CreateFileA ("\\\\
Exploit-DB
DivX Player 6.6.0 - ActiveX 'SetPassword()' Denial of Service (PoC)
exploitdb·2008-01-02
CVE-2008-0090 DivX Player 6.6.0 - ActiveX 'SetPassword()' Denial of Service (PoC)
---
function crash() {
var buff = '';
for(i=0;i
DivX SetPassword (npUpload.dll) Denial of Service
Tested on IE 7 and Divx Player 6.6.0
Registers:
EAX 00000000
ECX FFFFFFFF
EDX 0191CA50
EBX 008E06E0
ESP 0191C9E4
EBP 0191CA50
ESI 00000000
EDI 00000000
EIP 061F2B52 npUpload.061F2B52
Access violation when reading [00000000]...
Discovered by shir, 02/01/2007
Crash...
# milw0rm.com [2008-01-02]
No writeups or analysis indexed.
2008-01-04
Published