Vulnerabilities > CVE-2007-1559 - Remote Buffer Overflow vulnerability in Roxio Cineplayer 3.2

047910
CVSS 9.3 - CRITICAL
Attack vector
NETWORK
Attack complexity
MEDIUM
Privileges required
NONE
Confidentiality impact
COMPLETE
Integrity impact
COMPLETE
Availability impact
COMPLETE
network
roxio
critical
exploit available
metasploit
NVD
Published: 2007-04-11
Updated: 2017-07-29

Summary

Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via (1) unspecified long property values to SonicMediaPlayer.dll or (2) long arguments to unspecified methods in SonicMediaPlayer.dll.

Vulnerable Configurations

Part Description Count
Application
Roxio
1

Exploit-Db

  • descriptionRoxio CinePlayer 3.2 SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability. CVE- 2007-1559,CVE-2007-1559. Remote exploit for windows pla...
    idEDB-ID:29840
    last seen2016-02-03
    modified2007-04-11
    published2007-04-11
    reporterCarsten Eiram
    sourcehttps://www.exploit-db.com/download/29840/
    titleRoxio CinePlayer 3.2 SonicDVDDashVRNav.DLL ActiveX Control Remote Buffer Overflow Vulnerability
  • descriptionRoxio CinePlayer ActiveX Control Buffer Overflow. CVE-2007-1559. Remote exploit for windows platform
    idEDB-ID:16559
    last seen2016-02-02
    modified2010-04-30
    published2010-04-30
    reportermetasploit
    sourcehttps://www.exploit-db.com/download/16559/
    titleRoxio CinePlayer ActiveX Control Buffer Overflow

Metasploit

descriptionThis module exploits a stack-based buffer overflow in SonicPlayer ActiveX control (SonicMediaPlayer.dll) 3.0.0.1 installed by Roxio CinePlayer 3.2. By setting an overly long value to 'DiskType', an attacker can overrun a buffer and execute arbitrary code.
idMSF:EXPLOIT/WINDOWS/BROWSER/ROXIO_CINEPLAYER
last seen2020-06-14
modified2017-07-24
published2009-05-24
referenceshttps://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-1559
reporterRapid7
sourcehttps://github.com/rapid7/metasploit-framework/blob/master//modules/exploits/windows/browser/roxio_cineplayer.rb
titleRoxio CinePlayer ActiveX Control Buffer Overflow

Packetstorm

data sourcehttps://packetstormsecurity.com/files/download/82975/roxio_cineplayer.rb.txt
idPACKETSTORM:82975
last seen2016-12-05
published2009-11-26
reporterTrancer
sourcehttps://packetstormsecurity.com/files/82975/Roxio-CinePlayer-ActiveX-Control-Buffer-Overflow.html
titleRoxio CinePlayer ActiveX Control Buffer Overflow

References