CVE-2009-1612
Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- May 11, 2009
- Published Date
- May 11, 2009
- Last Updated
- August 07, 2024
- Vendor
- Baofeng
- Product
- Storm
- Description
- Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and earlier are also affected.
- Tags
- Exploited in the Wild
- Yes (2009-05-11 20:00:00 UTC) Source
metasploit_scanner
CVSS Scores
CVSS v2.0
9.3
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Exploit Status
References
Known Exploited Vulnerability Information
Source | Added Date |
---|---|
CVE | 2009-05-11 20:00:00 UTC |
Scanner Integrations
Scanner | URL | Date Detected |
---|---|---|
Metasploit | https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/baofeng_storm_onbeforevideodownload.rb | 2025-04-29 11:01:30 UTC |
Potential Proof of Concepts
Warning: These PoCs have not been tested and could contain malware. Use at your own risk.
baofeng_storm_onbeforevideodownload
Type: metasploit • Created: Unknown
Metasploit module for CVE-2009-1612
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Added to KEVIntel
-
Detected by Metasploit