CVE-2011-1065

PIPI Player 2.8.0.0 - Remote Code Execution via Long Arguments to PlayURL or PlayURLWithLocalPlayer Methods

Title source: llm
STIX 2.1

Description

Multiple stack-based buffer overflows in the PIPIWebPlayer ActiveX control (PIWebPlayer.ocx) in PIPI Player 2.8.0.0 allow remote attackers to execute arbitrary code via long arguments to the (1) PlayURL or (2) PlayURLWithLocalPlayer methods.

References (5)

Core 5
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/43394
Various Sources x_refsource_misc
http://www.wooyun.org/bugs/wooyun-2010-01383
Various Sources x_refsource_misc
http://www.wooyun.org/bugs/wooyun-2010-01382
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/46468
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65537

Scores

EPSS 0.0417
EPSS Percentile 89.7%

Details

CWE
CWE-119
Status published
Products (1)
pipi/pipi_player 2.8.0.0
Published Feb 23, 2011
Tracked Since Feb 18, 2026