CVE-2007-4722

Move Media Player - Stack-Based Buffer Overflow via Play or Buzzer Method

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2007-4722. PoCs published by Elazar, anonymous.

AI-analyzed exploit summary This exploit targets a SEH overwrite vulnerability in Move Networks Quantum Streaming Player via a crafted HTML file. It uses a Metasploit-generated shellcode to execute `calc.exe` on Windows XP SP2 with IE6.

Description

Multiple stack-based buffer overflows in the Quantum Streaming Internet Explorer Player ActiveX control in qsp2ie07051001.dll 1.0.0.1 in Move Media Player allow remote attackers to execute arbitrary code via a long string to the (1) Play and (2) Buzzer methods.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Elazar · htmlremotewindows
https://www.exploit-db.com/exploits/4868

This exploit targets a SEH overwrite vulnerability in Move Networks Quantum Streaming Player via a crafted HTML file. It uses a Metasploit-generated shellcode to execute `calc.exe` on Windows XP SP2 with IE6.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Move Networks Quantum Streaming Player (version not specified)
No auth needed
Prerequisites: Victim must open the malicious HTML file in Internet Explorer 6 on Windows XP SP2 · Move Networks Quantum Streaming Player must be installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by anonymous · htmlremotewindows
https://www.exploit-db.com/exploits/30562

This exploit targets a buffer overflow vulnerability in Move Media Player's ActiveX control (CVE-2007-4722) by overwriting SEH to execute arbitrary shellcode. It uses a Metasploit-generated payload to launch calc.exe on Windows XP SP2.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: Move Media Player 1.0.0.1
No auth needed
Prerequisites: Victim must visit a malicious webpage using Internet Explorer with the vulnerable ActiveX control installed
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (6)

Core 6
Core References
US Government Resource third-party-advisory x_refsource_cert-vn
http://www.kb.cert.org/vuls/id/298345
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/26600
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/25529
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://osvdb.org/37778
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36433
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/4868

Scores

EPSS 0.1007
EPSS Percentile 95.0%

Details

CWE
CWE-119
Status published
Products (1)
move_networks_inc/move_media_player 1.0.1
Published Sep 05, 2007
Tracked Since Feb 18, 2026