Vulnerability Details : CVE-2008-5735
Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file.
Vulnerability category: OverflowExecute code
Exploit prediction scoring system (EPSS) score for CVE-2008-5735
Probability of exploitation activity in the next 30 days: 13.46%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 95 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2008-5735
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
[email protected] |
CWE ids for CVE-2008-5735
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: [email protected] (Primary)
References for CVE-2008-5735
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/47527
-
https://www.exploit-db.com/exploits/7536
-
https://www.exploit-db.com/exploits/7547
-
http://securityreason.com/securityalert/4813
-
http://www.securityfocus.com/archive/1/499480/100/0/threaded
-
http://www.securityfocus.com/bid/32947
-
http://www.bmgsec.com.au/advisory/43/
Products affected by CVE-2008-5735
- cpe:2.3:a:coolplayer:coolplayer:2.19:*:*:*:*:*:*:*
- cpe:2.3:a:coolplayer:coolplayer:2.17:*:*:*:*:*:*:*
- cpe:2.3:a:coolplayer:coolplayer:2.18:*:*:*:*:*:*:*