CVE-2007-4816

EXPLOITED

BaoFeng Storm - Multiple Buffer Overflows in ActiveX Control via Long Property Values

Title source: llm

Exploitation Summary

CVE-2007-4816 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 1 public exploit from researchers including ZhenHan.Liu.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in the BaoFeng2 Mps.dll ActiveX control, allowing remote code execution. The PoC is provided as a binary within a ZIP file, typical for exploits of this era.

Description

Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long first argument to the advancedOpen method; a long argument to the (5) isDVDPath or (6) rawParse method; or (7) a .smpl file with a long path attribute in an item element in a PlayList.

Exploits (1)

exploitdb WORKING POC VERIFIED

by ZhenHan.Liu · textdoswindows

https://www.exploit-db.com/exploits/4375

View Code ZIP pw:eip

This exploit targets a buffer overflow vulnerability in the BaoFeng2 Mps.dll ActiveX control, allowing remote code execution. The PoC is provided as a binary within a ZIP file, typical for exploits of this era.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: BaoFeng2 Mps.dll ActiveX control

No auth needed

Prerequisites: Victim must have the vulnerable ActiveX control installed · Attacker must deliver the exploit via a malicious webpage or file

MITRE ATT&CK