Detections
Analytics

CVE-2007-0348

critical

Description

Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote attackers to execute arbitrary code via a long ApplicationType property.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/33186

http://www.vupen.com/english/advisories/2007/1043

http://www.vupen.com/english/advisories/2007/1042

http://www.securityfocus.com/bid/23071

http://www.securityfocus.com/archive/1/463405/100/0/threaded

http://www.kb.cert.org/vuls/id/922969

http://secunia.com/secunia_research/2007-37/advisory/

http://secunia.com/advisories/24556

http://secunia.com/advisories/23075

http://secunia.com/advisories/23032

http://osvdb.org/34315

http://osvdb.org/34314

Details

Source: Mitre, NVD

Published: 2007-03-21

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.35137