CVE-2009-2970

UiTV UiPlayer - Stack-based Buffer Overflow via GetUiDllVersion Filename Parameter

Title source: llm
STIX 2.1

Description

Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to execute arbitrary code via the filename parameter.

References (2)

Core 2
Core References
Various Sources x_refsource_misc
http://www.nsfocus.com/en/advisories/0901.html
Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507236/100/0/threaded

Scores

EPSS 0.0331
EPSS Percentile 87.1%

Details

CWE
CWE-119
Status published
Products (2)
baidu/baidux
uitv/uiplayer
Published Oct 19, 2009
Tracked Since Feb 18, 2026