CVE-2007-4816

EXPLOITED

Baofeng Storm - Memory Corruption

Title source: rule

Description

Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long first argument to the advancedOpen method; a long argument to the (5) isDVDPath or (6) rawParse method; or (7) a .smpl file with a long path attribute in an item element in a PlayList.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ZhenHan.Liu · textdoswindows

https://www.exploit-db.com/exploits/4375

View Code ZIP pw:eip

References (9)

[Exploit] http://www.milw0rm.com/sploits/09082007-storm.zip

[Exploit] http://www.securityfocus.com/bid/25601

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36540

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36542

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/36543

[Exploit, Third Party Advisory] https://www.exploit-db.com/exploits/4375

[Third Party Advisory, VDB Entry] http://osvdb.org/40491

[Third Party Advisory] http://secunia.com/advisories/26749

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/3111

Scores

EPSS 0.1339

EPSS Percentile 94.2%

Details

VulnCheck KEV 2011-09-01

CWE

CWE-119

Status published

Products (2)

baofeng/storm 2.8

baofeng/storm 2.9

Published Sep 11, 2007

Tracked Since Feb 18, 2026