CVE-2008-4384

Iseemedia Lpviewer - Memory Corruption

Title source: rule

Description

Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods.

Exploits (2)

exploitdb WORKING POC VERIFIED

by Metasploit · rubyremotewindows

https://www.exploit-db.com/exploits/16571

View Code ZIP pw:eip

metasploit WORKING POC NORMAL

by MC · rubypocwin

https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/lpviewer_url.rb

View Code ZIP pw:eip

References (5)

[Vendor Advisory] http://secunia.com/advisories/32140

[Third Party Advisory, VDB Entry] http://www.securityfocus.com/bid/31604

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45699

[US Government Resource] http://www.kb.cert.org/vuls/id/848873

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/2749

Scores

EPSS 0.6500

EPSS Percentile 98.5%

Details

CWE

CWE-119

Status published

Products (3)

iseemedia/lpviewer

mgi_software/lpviewer

roxio/lpviewer

Published Oct 07, 2008

Tracked Since Feb 18, 2026