CVE-2011-1065
PIPI Player 2.8.0.0 - Remote Code Execution via Long Arguments to PlayURL or PlayURLWithLocalPlayer Methods
Title source: llmDescription
Multiple stack-based buffer overflows in the PIPIWebPlayer ActiveX control (PIWebPlayer.ocx) in PIPI Player 2.8.0.0 allow remote attackers to execute arbitrary code via long arguments to the (1) PlayURL or (2) PlayURLWithLocalPlayer methods.
References (5)
Core 5
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43394
Various Sources x_refsource_misc
http://www.wooyun.org/bugs/wooyun-2010-01383
Various Sources x_refsource_misc
http://www.wooyun.org/bugs/wooyun-2010-01382
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46468
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65537
Scores
EPSS
0.0417
EPSS Percentile
89.7%
Details
CWE
CWE-119
Status
published
Products (1)
pipi/pipi_player
2.8.0.0
Published
Feb 23, 2011
Tracked Since
Feb 18, 2026