CVE-2008-4664

Qvod Player - Memory Corruption

Title source: rule

Description

Heap-based buffer overflow in QvodInsert.QvodCtrl.1 ActiveX control (QvodInsert.dll) in QVOD Player before 2.1.5 build 0053 allows remote attackers to execute arbitrary code via a long URL property. NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WORKING POC VERIFIED

by anonymous · htmlremotewindows

https://www.exploit-db.com/exploits/31023

View Code ZIP pw:eip

References (4)

[Exploit, Patch] http://www.securityfocus.com/bid/27271

[Patch, Vendor Advisory] http://secunia.com/advisories/28494

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/39675

[Various Sources] http://hi.baidu.com/muma_reader/blog/item/46bd0d7a04eb75e92f73b36e.html

Scores

EPSS 0.1543

EPSS Percentile 94.7%

Details

CWE

CWE-119

Status published

Products (3)

qvod/qvod_player 1.0.1

qvod/qvod_player 2.0.1

qvod/qvod_player 2.5.1

Published Oct 22, 2008

Tracked Since Feb 18, 2026