CVE-2009-4841
published 2010-05-06CVE-2009-4841: Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary…
PriorityP350critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
7.30%
93.6th percentile
Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskType method. NOTE: this might overlap CVE-2007-1559.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| roxio | cineplayer | — | — |
CVSS provenance
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat9.3CRITICAL
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-5wh5-58m7-cqc8: Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2009-4841 [CRITICAL] CWE-119 GHSA-5wh5-58m7-cqc8: Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer
Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskType method. NOTE: this might overlap CVE-2007-1559.
Red Hat
openoffice.org: text converter memory corruption via a crafted (1) .doc, (2) .wri, or (3) .rtf Word97 file
vendor_redhat·2008-12-09·CVSS 9.3
CVE-2009-0259 [CRITICAL] openoffice.org: text converter memory corruption via a crafted (1) .doc, (2) .wri, or (3) .rtf Word97 file
openoffice.org: text converter memory corruption via a crafted (1) .doc, (2) .wri, or (3) .rtf Word97 file
The Word processor in OpenOffice.org 1.1.2 through 1.1.5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted (1) .doc, (2) .wri, or (3) .rtf Word 97 file that triggers memory corruption, as exploited in the wild in December 2008, as demonstrated by 2008-crash.doc.rar, and a similar issue to CVE-2008-4841.
Statement: This issue can only result in an OpenOffice.org crash, not allowing arbitrary code execution. Red Hat does not consider a crash of a client application such as OpenOffice.org to be a security issue.
No detection rules found.
2010-05-06
Published