CVE-2007-0348

InterActual Player 2.60.12.0717 - Stack-based Buffer Overflow via ApplicationType Property

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-0348. PoCs published by Metasploit, MC, including Metasploit module exploits/windows/browser/windvd7_applicationtype.

AI-analyzed exploit summary This Metasploit module exploits a stack buffer overflow in the IASystemInfo.DLL ActiveX control in InterVideo WinDVD 7 by sending an overly long string to the 'ApplicationType()' property, leading to arbitrary code execution.

Description

Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote attackers to execute arbitrary code via a long ApplicationType property.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Metasploit · rubyremotewindows
https://www.exploit-db.com/exploits/16529

This Metasploit module exploits a stack buffer overflow in the IASystemInfo.DLL ActiveX control in InterVideo WinDVD 7 by sending an overly long string to the 'ApplicationType()' property, leading to arbitrary code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: InterVideo WinDVD 7
No auth needed
Prerequisites: Victim must visit a malicious webpage hosting the exploit · Target system must have WinDVD 7 installed with the vulnerable ActiveX control
devstral-2 · analyzed Feb 16, 2026 Full analysis →
metasploit WORKING POC NORMAL
by MC · rubypocwin
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/windvd7_applicationtype.rb

This Metasploit module exploits a stack buffer overflow in the IASystemInfo.DLL ActiveX control in InterVideo WinDVD 7 by sending an overly long string to the 'ApplicationType()' property, allowing arbitrary code execution.

Classification
Working Poc 100%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: InterVideo WinDVD 7
No auth needed
Prerequisites: Victim must visit a malicious web page hosting the exploit · WinDVD 7 must be installed on the target system
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (12)

Core 12
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23075
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/33186
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/34314
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/23032
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/922969
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/34315
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1042
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/23071
Vendor Advisory vdb-entry x_refsource_vupen
http://www.vupen.com/english/advisories/2007/1043
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/24556
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/463405/100/0/threaded

Scores

EPSS 0.7269
EPSS Percentile 98.8%

Details

CWE
CWE-119
Status published
Products (3)
interactual_technologies/interactual_player 2.60.12.0717
intervideo/windvd 7.0.27.172
roxio/cineplayer 3.2
Published Mar 21, 2007
Tracked Since Feb 18, 2026