CVE-2007-6533

Zoom Player <6.00 beta 2 - RCE

Title source: llm

Description

Buffer overflow in Zoom Player 6.00 beta 2 and earlier allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL file, which causes an overflow in Unicode handling when generating an error message.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Luigi Auriemma · phpremotemultiple

https://www.exploit-db.com/exploits/30933

View Code ZIP pw:eip

References (8)

[Third Party Advisory] http://aluigi.altervista.org/adv/zoomprayer-adv.txt

[Third Party Advisory, VDB Entry] http://osvdb.org/39872

[Third Party Advisory] http://secunia.com/advisories/28214

[Exploit] http://www.securityfocus.com/bid/27007

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39262

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/archive/1/485499/100/0/threaded

[Third Party Advisory] http://www.vupen.com/english/advisories/2007/4309

[Third Party Advisory] http://securityreason.com/securityalert/3486

Scores

EPSS 0.1758

EPSS Percentile 95.1%

Details

CWE

CWE-119

Status published

Products (2)

inmatrix/zoom_player 5

inmatrix/zoom_player 6.00beta2

Published Dec 27, 2007

Tracked Since Feb 18, 2026