KEVIntel
PRO Back to KEVs
9.3
CVSS
High

CVE-2009-1612

PUBLISHED

Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute...

Exploited in the wild PoC available Remote
Vendor
Baofeng
Product
Storm
Published
May 11, 2009
EPSS

Automate this intelligence with the Pro API

Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot data — is available programmatically for VM, SOC, and CTI workflows.

Learn about Pro

Description

Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and earlier are also affected.

metasploit

CVSS scores

CVSS v2.0 9.3 High

AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitation status

Exploited in the wild

Recorded 2009-05-11 20:00:00 UTC · CVE

Proof of concept available

Recorded 2025-04-28 15:02:37 UTC

References

Known exploited vulnerability sources

Catalogues that list this CVE as a known exploited vulnerability.

Source Added
CVE First 2009-05-11 20:00 UTC

Scanner integrations

Scanner Reference Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/browser/baofeng_storm_onbeforevideodownload.rb Apr 28, 2025

Potential proof of concepts

These PoCs are unverified and could contain malware. Use at your own risk.

baofeng_storm_onbeforevideodownload

metasploit · Created Unknown

Metasploit module for CVE-2009-1612

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Proof of Concept Exploit Available

  • Detected by Metasploit