CyberSec.Space Logo
Back to CVE Browser

CVE-2007-6732

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0470%
EPSS Percentile12.17th
PublishedSep 13, 2009
Last ModifiedApr 23, 2026

Vulnerability Description

Multiple buffer overflows in the dtt_load function in loaders/dtt_load.c Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via unspecified vectors related to an untrusted length value and the (1) pofs and (2) plen arrays.

Affected Platforms (CPE)

πŸ“¦
Claudio Matsuoka

Extended Module Player

<= 2.5.1
πŸ“¦
Claudio Matsuoka

Extended Module Player

= 2.2.0
πŸ“¦
Claudio Matsuoka

Extended Module Player

= 2.2.1
πŸ“¦
Claudio Matsuoka

Extended Module Player

= 2.3.0
πŸ“¦
Claudio Matsuoka

Extended Module Player

= 2.3.1
πŸ“¦
Claudio Matsuoka

Extended Module Player

= 2.3.2
πŸ“¦
Claudio Matsuoka

Extended Module Player

= 2.4.0
πŸ“¦
Claudio Matsuoka

Extended Module Player

= 2.4.1
πŸ“¦
Claudio Matsuoka

Extended Module Player

= 2.5.0

References & Advisories

πŸ”— http://aluigi.altervista.org/adv/xmpbof-adv.txt
πŸ”— http://www.securityfocus.com/bid/27047
πŸ”— http://www.vupen.com/english/advisories/2008/0009
πŸ”— http://aluigi.altervista.org/adv/xmpbof-adv.txt
πŸ”— http://www.securityfocus.com/bid/27047
πŸ”— http://www.vupen.com/english/advisories/2008/0009

Related Vulnerabilities

CVE-2007-673110.0

Extended Module Player (XMP) 2.5.1 and earlier allow remote attackers to execute arbitrary code via an OXM file with a negative va...

CVE-2007-617210.0

Multiple SQL injection vulnerabilities in wpQuiz 2.7 allow remote attackers to execute arbitrary SQL commands via the id parameter...

CVE-2007-617610.0

kb_whois.cgi in K+B-Bestellsystem (aka KB-Bestellsystem) allows remote attackers to execute arbitrary commands via shell metachara...

CVE-2007-618610.0

Unspecified vulnerability in PHPDevShell before 0.7.0 has unknown impact and attack vectors, involving a "minor security bug in re...