CVE-2009-2970
UiTV UiPlayer - Stack-based Buffer Overflow via GetUiDllVersion Filename Parameter
Title source: llmDescription
Stack-based buffer overflow in the GetUiDllVersion function in an ActiveX control in UiCheck.dll before 1.0.0.7 in UiTV UiPlayer, as used in BaiduX and other products, allows remote attackers to execute arbitrary code via the filename parameter.
References (2)
Core 2
Core References
Various Sources x_refsource_misc
http://www.nsfocus.com/en/advisories/0901.html
Third Party Advisory, VDB Entry mailing-list
x_refsource_bugtraq
http://www.securityfocus.com/archive/1/507236/100/0/threaded
Scores
EPSS
0.0331
EPSS Percentile
87.1%
Details
CWE
CWE-119
Status
published
Products (2)
baidu/baidux
uitv/uiplayer
Published
Oct 19, 2009
Tracked Since
Feb 18, 2026