Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long first argument to the advancedOpen method; a long argument to the (5) isDVDPath or (6) rawParse method; or (7) a .smpl file with a long path attribute in an item element in a PlayList.
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Link | Tags |
---|---|
http://osvdb.org/40491 | vdb entry |
http://www.milw0rm.com/sploits/09082007-storm.zip | exploit |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36542 | vdb entry |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36543 | vdb entry |
http://secunia.com/advisories/26749 | third party advisory |
https://exchange.xforce.ibmcloud.com/vulnerabilities/36540 | vdb entry |
http://www.securityfocus.com/bid/25601 | vdb entry, exploit |
https://www.exploit-db.com/exploits/4375 | exploit |
http://www.vupen.com/english/advisories/2007/3111 | vdb entry |