Vulnerability Details : CVE-2007-4466
Public exploit exists!
Multiple stack-based buffer overflows in Electronic Arts (EA) SnoopyCtrl ActiveX control (NPSnpy.dll) allow remote attackers to execute arbitrary code via unspecified methods and parameters.
Vulnerability category: Execute code
Products affected by CVE-2007-4466
- cpe:2.3:a:electronic_arts:snoopyctrl:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2007-4466
66.94%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 98 %
Percentile, the proportion of vulnerabilities that are scored at or less
Metasploit modules for CVE-2007-4466
-
Electronic Arts SnoopyCtrl ActiveX Control Buffer Overflow
Disclosure Date: 2007-10-08First seen: 2020-04-26exploit/windows/browser/ea_checkrequirementsThis module exploits a stack buffer overflow in Electronic Arts SnoopyCtrl ActiveX Control (NPSnpy.dll 1.1.0.36. When sending an overly long string to the CheckRequirements() method, an attacker may be able to execute arbitrary code. Authors: - MC <mc@meta
CVSS scores for CVE-2007-4466
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2007-4466
-
The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment.Assigned by: nvd@nist.gov (Primary)
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2007-4466
Jump to