CVE-2009-1807 – BaoFeng - 'config.dll' ActiveX Remote Code Execution
https://notcve.org/view.php?id=CVE-2009-1807
Unspecified vulnerability in Config.dll in Baofeng products 3.09.04.17 and earlier allows remote attackers to execute arbitrary code by calling the SetAttributeValue method, as exploited in the wild in April and May 2009. Vulnerabilidad sin especificar en Config.dll en productos Baofeng v3.09.04.17 y anteriores permite a atacantes remotos ejecutar código de su elección llamando al método SetAttributeValue, como se ha explotado libremente en Abril y Mayo de 2009. • https://www.exploit-db.com/exploits/8757 http://www.cisrt.org/enblog/read.php?245 http://www.vupen.com/english/advisories/2009/1392 •
CVE-2009-1612 – BaoFeng - ActiveX 'OnBeforeVideoDownload()' Remote Buffer Overflow
https://notcve.org/view.php?id=CVE-2009-1612
Stack-based buffer overflow in the MPS.StormPlayer.1 ActiveX control in mps.dll 3.9.4.27 in Baofeng Storm allows remote attackers to execute arbitrary code via a long argument to the OnBeforeVideoDownload method, as exploited in the wild in April and May 2009. NOTE: some of these details are obtained from third party information. NOTE: it was later reported that 3.09.04.17 and earlier are also affected. Un desbordamiento de búfer en la región stack de la memoria en el control ActiveX de MPS.StormPlayer.1 en la biblioteca mps.dll versión 3.9.4.27 en Storm de Baofeng, permite a los atacantes remotos ejecutar código arbitrario por medio de un argumento largo en el método OnBeforeVideoDownload, como se explotó “in the wild” en abril y mayo de 2009. NOTA: algunos de estos datos fueron obtenidos de la información de terceros. • https://www.exploit-db.com/exploits/8579 https://www.exploit-db.com/exploits/16553 http://secunia.com/advisories/34944 http://www.cisrt.org/enblog/read.php?245 http://www.securityfocus.com/bid/34789 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2007-4816 – BaoFeng2 - 'mps.dll' ActiveX Multiple Remote Buffer Overflows (PoC)
https://notcve.org/view.php?id=CVE-2007-4816
Multiple buffer overflows in the BaoFeng2 storm ActiveX control in Mps.dll allow remote attackers to have an unknown impact via a long (1) URL, (2) backImage, or (3) titleImage property value; (4) a long first argument to the advancedOpen method; a long argument to the (5) isDVDPath or (6) rawParse method; or (7) a .smpl file with a long path attribute in an item element in a PlayList. Múltiples desbordamientos de búfer en el control ActiveX BaoFeng2 storm en Mps.dll permiten a atacantes remotos tener impacto desconocido mediante un valor largo de (1) URL, (2) la propiedad backImage, o (3) la propiedad titleImage; (4) un primer argumento largo para el método advancedOpen; un argumento largo para el método (5)isDVDPath o (6)rawParse; o (7) un archivo .smpl con un atributo path (ruta) largo en un elemento item de una lista de reproducción (PlayList). • https://www.exploit-db.com/exploits/4375 http://osvdb.org/40491 http://secunia.com/advisories/26749 http://www.milw0rm.com/sploits/09082007-storm.zip http://www.securityfocus.com/bid/25601 http://www.vupen.com/english/advisories/2007/3111 https://exchange.xforce.ibmcloud.com/vulnerabilities/36540 https://exchange.xforce.ibmcloud.com/vulnerabilities/36542 https://exchange.xforce.ibmcloud.com/vulnerabilities/36543 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •