CVE-2007-0443

critical

Description

Multiple buffer overflows in the CDDBControl ActiveX control in Gracenote CDDB before 20070418 allow remote attackers to execute arbitrary code via long values for certain Proxy configuration parameters.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/33773

http://www.zerodayinitiative.com/advisories/ZDI-07-021.html

http://www.vupen.com/english/advisories/2007/1475

http://www.securitytracker.com/id?1017937

http://www.securityfocus.com/bid/23567

http://www.securityfocus.com/archive/1/466403/100/0/threaded

http://www.gracenote.com/corporate/FAQs.html/faqset=update/page=0

http://secunia.com/advisories/22924

http://osvdb.org/34327

Details

Source: Mitre, NVD

Published: 2007-04-24

Updated: 2025-04-09

Risk Information

CVSS v2

Base Score: 9.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.13488

Detections

Analytics