CVSS: 9.8EPSS: 3%CPEs: 3EXPL: 1CVE-2014-10024
https://notcve.org/view.php?id=CVE-2014-10024
13 Jan 2015 — Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or (2) large value in a Stream Format (STRF) chunk in an AVI file, which triggers a heap-based buffer overflow. Múltiples errores del signo de enteros en DirectShowDemuxFilter, utilizado en Divx Web Player, Divx Player, y otros plugins de Divx, permiten a atacantes remotos ejecutar código arbitrario a través de un va... • http://seclists.org/fulldisclosure/2014/Apr/283 • CWE-189: Numeric Errors •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5231
https://notcve.org/view.php?id=CVE-2010-5231
07 Sep 2012 — Untrusted search path vulnerability in DivX Player 7.2.019 allows local users to gain privileges via a Trojan horse VersionCheckDLL.dll file in the current working directory, as demonstrated by a directory that contains a .avi file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de ruta de búsqueda no confiable en DivX Player v7.2.019 permite a usuarios locales obtener privilegios a través de un archivo VersionCheckDLL.dll ca... • http://secunia.com/advisories/41108 •
CVSS: 7.3EPSS: 0%CPEs: 1EXPL: 0CVE-2010-5232
https://notcve.org/view.php?id=CVE-2010-5232
07 Sep 2012 — Untrusted search path vulnerability in DivX Plus Player 8.1.0 allows local users to gain privileges via a Trojan horse ssleay32.dll file in a certain directory. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Vulnerabilidad de ruta de búsqueda no confiable en DivX Plus Player V8.1.0 permite a usuarios locales obtener privilegios a través de un archivo ssleay32.dll caballo de troya en un directorio determinado. NOTA: el origen de esta informa... • http://secunia.com/advisories/41108 •
CVSS: 9.3EPSS: 5%CPEs: 14EXPL: 0CVE-2008-5259
https://notcve.org/view.php?id=CVE-2008-5259
16 Apr 2009 — Integer signedness error in DivX Web Player 1.4.2.7, and possibly earlier versions, allows remote attackers to execute arbitrary code via a DivX file containing a crafted Stream Format (STRF) chunk, which triggers a heap-based buffer overflow. Error de presencia de signo entero en DivX Web Player v1.4.2.7, y posiblemente versiones anteriores, permite a atacantes remotos ejecutar código de su elección mediante un fichero DivX que contenga una porción Stream Format (STRF) manipulada, lo que dispara un desbord... • http://secunia.com/advisories/33196 • CWE-189: Numeric Errors •
CVSS: 9.3EPSS: 30%CPEs: 1EXPL: 2CVE-2008-1912 – DivX Player 6.7.0 - '.srt' File Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-1912
22 Apr 2008 — Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earlier allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long subtitle in a .SRT file. Desbordamiento de búfer basado en pila en DivX Player 6.7 build 6.7.0.22 y versiones anteriores permite a atacantes remotos con usuario asistido provocar una denegación de servicio (caída de aplicación) o ejecutar código de su elección a través de un subtítulo largo en un fichero .SRT. • https://www.exploit-db.com/exploits/5453 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 2CVE-2008-1800 – DivXDB 2002 0.94b - Multiple Cross-Site Scripting Vulnerabilities
https://notcve.org/view.php?id=CVE-2008-1800
15 Apr 2008 — Multiple cross-site scripting (XSS) vulnerabilities in index.php in DivXDB 2002 0.94b allow remote attackers to inject arbitrary web script or HTML via the (1) choice, (2) _page_, (3) zone_admin, (4) general_search, and (5) import parameters. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information. Múltiples vulnerabilidades de secuencias de comandos en sitios cruzados (XSS) en index.php de DivXDB 2002 0.94b permite a atacantes remotos inyectar web s... • https://www.exploit-db.com/exploits/31590 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.5EPSS: 12%CPEs: 2EXPL: 2CVE-2008-0090 – DivX Player 6.6.0 - ActiveX 'SetPassword()' Denial of Service (PoC)
https://notcve.org/view.php?id=CVE-2008-0090
04 Jan 2008 — A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method. Un determinado control ActiveX de npUpload.dll de DivX Player 6.6.0 permite a atacantes remotos provocar una denegación de servicio (Caída de Internet Explorer 7) mediante un argumento largo en el método SetPassword. • https://www.exploit-db.com/exploits/4829 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 4%CPEs: 2EXPL: 1CVE-2007-2601
https://notcve.org/view.php?id=CVE-2007-2601
11 May 2007 — Buffer overflow in a certain ActiveX control in the GDivX Zenith Player AviFixer class in fix.dll 1.0.0.1 allows remote attackers to execute arbitrary code via a long SetInputFile property value. Desbordamiento de búfer en un control ActiveX concreto en la clase GDivX Zenith Player AviFixer en fix.dll 1.0.0.1 permite a atacantes remotos ejecutar código de su elección mediante un valor de propiedad SetInputFile largo. • http://moaxb.blogspot.com/2007/05/moaxb-11-bonus-gdivx-zenith-player.html. •
CVSS: 7.8EPSS: 4%CPEs: 1EXPL: 2CVE-2007-1294 – DivX Web Player 1.3.0 - 'npdivx32.dll' Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-1294
07 Mar 2007 — A certain ActiveX control in the DivXBrowserPlugin (npdivx32.dll) in DivX Web Player, as distributed with DivX Player 1.3.0, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via large values to DivxWP.Resize, related to resizing images. Cierto control ActiveX en DivXBrowserPlugin (npdivx32.dll) de DivX Web Player, como el distribuido con DivX Player 1.3.0, permite a atacantes remotos provocar una denegación de servicio (caída de Internet Explorer 7) pasando valores grandes a ... • https://www.exploit-db.com/exploits/3392 •
CVSS: 7.5EPSS: 4%CPEs: 1EXPL: 1CVE-2007-0429 – DivX Player 6.4.1 - DivXBrowserPlugin 'npdivx32.dll' IE Denial of Service
https://notcve.org/view.php?id=CVE-2007-0429
23 Jan 2007 — DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object. DivXBrowerPlugin (también conocido como DivX Web Player) npdivx32.dll, como se distribuye con DivX Player 6.4.1, permite a atacantes remotos provocar una denegación de servicio (cierre de Internet Explorer 7) invocando el método GoWindowed para una determina... • https://www.exploit-db.com/exploits/3157 •