English | Deutsch | Español | Português
 UserID:
 Passwd:
new user
 About:   Dedicated  | Advanced  | Standard  | Recurring  | No Risk  | Desktop  | Basic  | Single  | Security Seal  | FAQ
  Price/Feature Summary  | Order  | New Vulnerabilities  | Confidentiality  | Vulnerability Search
 Vulnerability   
Search   
    Search 76783 CVE descriptions
and 40246 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.902346
Category:Buffer overflow
Title:PIPI Player PIPIWebPlayer ActiveX Control Buffer Overflow Vulnerability
Summary:Check for the version of PIPI Player
Description:
Overview: This host is installed with PIPI Player and is prone to buffer
overflow vulnerability.

Vulnerability Insight:
The flaw is due to an error when processing the 'PlayURL()' and
'PlayURLWithLocalPlayer()' methods. This can be exploited to cause a
stack-based buffer overflow via an overly long string passed to the methods.

Impact:
Successful exploitation will allow remote attackers to execute arbitrary
code in the context of the application.

Impact Level: Application.

Affected Software:
PIPI Player version 2.8.0.0

Fix: No solution or patch is available as of 28th Febraury, 2011. Information
regarding this issue will update once the solution details are available.
For updates refer to http://pipi.cn/down/index.html

References:
http://secunia.com/advisories/43394
http://xforce.iss.net/xforce/xfdb/65537
http://www.wooyun.org/bugs/wooyun-2010-01383
Cross-Ref: BugTraq ID: 46468
Common Vulnerability Exposure (CVE) ID: CVE-2011-1065
http://www.wooyun.org/bugs/wooyun-2010-01382
http://www.wooyun.org/bugs/wooyun-2010-01383
http://www.securityfocus.com/bid/46468
http://secunia.com/advisories/43394
XForce ISS Database: pipiplayer-activex-control-bo(65537)
http://xforce.iss.net/xforce/xfdb/65537
CopyrightCopyright (C) 2011 SecPod

This is only one of 40246 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

New User Registration
Email:
UserID:
Passwd:
Please email me your monthly newsletters, informing the latest services, improvements & surveys.
Please email me a vulnerability test announcement whenever a new test is added.
   Privacy
Registered User Login
 
UserID:   
Passwd:  

 Forgot userid or passwd?
Email/Userid:




Home | About Us | Contact Us | Partner Programs | Developer APIs | Privacy | Mailing Lists | Abuse
Security Audits | Managed DNS | Network Monitoring | Site Analyzer | Internet Research Reports
Web Probe | Whois

© 1998-2014 E-Soft Inc. All rights reserved.