CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2007-4983

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0610%
EPSS Percentile20.84th
Published2007年9月19日
Last Modified2026年4月23日

Vulnerability Description

Directory traversal vulnerability in the JetAudio.Interface.1 ActiveX control in JetFlExt.dll in jetAudio 7.0.3 Basic and 7.0.3.3016 allows remote attackers to create or overwrite arbitrary local files via a ..\ (dot dot backslash) in the second argument to the DownloadFromMusicStore method. NOTE: some of these details are obtained from third party information. NOTE: this can be leveraged for code execution by overwriting JetAudio.exe, which is launched by the control after completion of the method call.

Affected Platforms (CPE)

📦
Cowon America

Jetaudio

= 7.0.3.3016
📦
Cowon America

Jetaudio

= 7.0.3_basic

References & Advisories

🔗 http://osvdb.org/37737
🔗 http://secunia.com/advisories/26787
🔗 http://www.securityfocus.com/bid/25723
🔗 http://www.securitytracker.com/id?1018716
🔗 http://www.vupen.com/english/advisories/2007/3196
🔗 https://exchange.xforce.ibmcloud.com/vulnerabilities/36693
🔗 https://www.exploit-db.com/exploits/4427
🔗 http://osvdb.org/37737

相關漏洞威脅

CVE-2008-07479.3

Stack-based buffer overflow in COWON America jetAudio 7.0.5 and earlier allows user-assisted remote attackers to execute arbitrary...

CVE-2009-46689.3

Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary ...

CVE-2007-54879.3

Stack-based buffer overflow in COWON America jetAudio Basic 7.0.3 allows user-assisted remote attackers to execute arbitrary code ...

CVE-2009-46769.3

Stack-based buffer overflow in JetCast.exe 2.0.4.1109 in jetAudio 7.5.2 and 7.5.3.15 allows remote attackers to execute arbitrary ...

CVE-2007-4983 Detail & Impact Analysis | CVSS 10.0 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space