製品・ソフトウェアに関する情報

JVN脆弱性詳細

InterActual Player などの IASystemInfo.dll ActiveX コントロールにおけるスタックベースのバッファオーバーフローの脆弱性

Title	InterActual Player などの IASystemInfo.dll ActiveX コントロールにおけるスタックベースのバッファオーバーフローの脆弱性
Summary	(1) InterActual Player、(2) Roxio CinePlayer、および (3) WinDVD などの IASystemInfo.dll ActiveX コントロールには、スタックベースのバッファオーバーフローの脆弱性が存在します。
Possible impacts	第三者により、過度に長い ApplicationType プロパティを介して、任意のコードを実行される可能性があります。
Solution	ベンダ情報および参考情報を参照して適切な対策を実施してください。
Publication Date	March 21, 2007, midnight
Registration Date	Sept. 25, 2012, 4:47 p.m.
Last Update	Sept. 25, 2012, 4:47 p.m.

CVSS2.0 : 危険
Score	9.3
Vector	AV:N/AC:M/Au:N/C:C/I:C/A:C

Affected System

ROXIO

cineplayer 3.2

interactual technologies

interactual player 2.60.12.0717

intervideo

windvd 7.0.27.172

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-0348	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0348
National Vulnerability Database (NVD)
2	CVE-2007-0348	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-0348

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-119	https://jvndb.jvn.jp/ja/cwe/CWE-119.html

ベンダー情報

No	Name	URL
intervideo
1	Top Page	http://www.corel.com/corel/
ROXIO
2	CinePlayer	http://www.roxio.com/enu/products/cineplayer/standard/overview.html

その他

No	Name	URL
US-CERT Vulnerability Note
1	VU#922969	http://www.kb.cert.org/vuls/id/922969

Change Log

No	Changed Details	Date of change
0	[2012年09月25日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-0348

Summary	Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote attackers to execute arbitrary code via a long ApplicationType property.
Summary	Un desbordamiento de búfer en la región stack de la memoria en el control ActiveX de la biblioteca IASystemInfo.dll en (1) InterActual Player versión 2.60.12.0717, (2) Roxio CinePlayer versión 3.2, (3) WinDVD versión 7.0.27.172, y posiblemente otros productos, permite a los atacantes remotos ejecutar código arbitrario por medio de una propiedad ApplicationType larga.
Publication Date	March 22, 2007, 4:19 a.m.
Registration Date	Jan. 29, 2021, 2:05 p.m.
Last Update	April 23, 2026, 9:35 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:interactual_technologies:interactual_player:2.60.12.0717:::::::*
cpe:2.3:a:intervideo:windvd:7.0.27.172:::::::*
cpe:2.3:a:roxio:cineplayer:3.2:::::::*

Related information, measures and tools

No	URL	refsource
1	http://osvdb.org/34314	PSIRT-CNA@flexerasoftware.com
2	http://osvdb.org/34315	PSIRT-CNA@flexerasoftware.com
3	http://secunia.com/advisories/23032	PSIRT-CNA@flexerasoftware.com
4	http://secunia.com/advisories/23075	PSIRT-CNA@flexerasoftware.com
5	http://secunia.com/advisories/24556	PSIRT-CNA@flexerasoftware.com
6	http://secunia.com/secunia_research/2007-37/advisory/	PSIRT-CNA@flexerasoftware.com
7	http://www.kb.cert.org/vuls/id/922969	PSIRT-CNA@flexerasoftware.com
8	http://www.securityfocus.com/archive/1/463405/100/0/threaded	PSIRT-CNA@flexerasoftware.com
9	http://www.securityfocus.com/bid/23071	PSIRT-CNA@flexerasoftware.com
10	http://www.vupen.com/english/advisories/2007/1042	PSIRT-CNA@flexerasoftware.com
11	http://www.vupen.com/english/advisories/2007/1043	PSIRT-CNA@flexerasoftware.com
12	https://exchange.xforce.ibmcloud.com/vulnerabilities/33186	PSIRT-CNA@flexerasoftware.com
13	http://osvdb.org/34314	af854a3a-2127-422b-91ae-364da2661108
14	http://osvdb.org/34315	af854a3a-2127-422b-91ae-364da2661108
15	http://secunia.com/advisories/23032	af854a3a-2127-422b-91ae-364da2661108
16	http://secunia.com/advisories/23075	af854a3a-2127-422b-91ae-364da2661108
17	http://secunia.com/advisories/24556	af854a3a-2127-422b-91ae-364da2661108
18	http://secunia.com/secunia_research/2007-37/advisory/	af854a3a-2127-422b-91ae-364da2661108
19	http://www.kb.cert.org/vuls/id/922969	af854a3a-2127-422b-91ae-364da2661108
20	http://www.securityfocus.com/archive/1/463405/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108
21	http://www.securityfocus.com/bid/23071	af854a3a-2127-422b-91ae-364da2661108
22	http://www.vupen.com/english/advisories/2007/1042	af854a3a-2127-422b-91ae-364da2661108
23	http://www.vupen.com/english/advisories/2007/1043	af854a3a-2127-422b-91ae-364da2661108
24	https://exchange.xforce.ibmcloud.com/vulnerabilities/33186	af854a3a-2127-422b-91ae-364da2661108

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-119	バッファエラー	https://cwe.mitre.org/data/definitions/118.html