ID

VAR-199911-0028


CVE

CVE-1999-0946


TITLE

Microsoft IE Yamaha MidiPlug Buffer Overflow Vulnerability

Trust: 0.9

sources: BID: 760 // CNNVD: CNNVD-199911-009

DESCRIPTION

Buffer overflow in Yamaha MidiPlug via a Text variable in an EMBED tag. There is a buffer overflow in the MidiPlug that may allow arbitrary code to be executed on the local host. Instructions in the text variable may be executed when a user visits the malicious web page

Trust: 1.26

sources: NVD: CVE-1999-0946 // BID: 760 // VULHUB: VHN-927

AFFECTED PRODUCTS

vendor:yamahamodel:midiplugscope:eqversion:1.1bj

Trust: 1.6

vendor:yamahamodel:midiplug b-jscope:eqversion:1.1

Trust: 0.3

sources: BID: 760 // CNNVD: CNNVD-199911-009 // NVD: CVE-1999-0946

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-0946
value: MEDIUM

Trust: 1.0

CNNVD: CNNVD-199911-009
value: MEDIUM

Trust: 0.6

VULHUB: VHN-927
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-1999-0946
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-927
severity: MEDIUM
baseScore: 5.1
vectorString: AV:N/AC:H/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: HIGH
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 4.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-927 // CNNVD: CNNVD-199911-009 // NVD: CVE-1999-0946

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-0946

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199911-009

TYPE

buffer overflow

Trust: 0.6

sources: CNNVD: CNNVD-199911-009

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-927

EXTERNAL IDS

db:BIDid:760

Trust: 2.0

db:NVDid:CVE-1999-0946

Trust: 1.7

db:CNNVDid:CNNVD-199911-009

Trust: 0.7

db:BUGTRAQid:19991102 SOME HOLES FOR WIN/UNIX SOFTWARES

Trust: 0.6

db:EXPLOIT-DBid:19585

Trust: 0.1

db:VULHUBid:VHN-927

Trust: 0.1

sources: VULHUB: VHN-927 // BID: 760 // CNNVD: CNNVD-199911-009 // NVD: CVE-1999-0946

REFERENCES

url:http://www.securityfocus.com/bid/760

Trust: 2.7

url:http://marc.info/?l=bugtraq&m=94157187815629&w=2

Trust: 2.1

url:http://marc.theaimsgroup.com/?l=bugtraq&m=94157187815629&w=2

Trust: 0.6

url:http://http://shadowpenguin.backsection.net/toolbox.html#no051

Trust: 0.3

url: -

Trust: 0.1

sources: VULHUB: VHN-927 // BID: 760 // CNNVD: CNNVD-199911-009 // NVD: CVE-1999-0946

CREDITS

This vulnerability was posted to Bugtraq by UNYUN <shadowpenguin@backsection.net>.

Trust: 0.9

sources: BID: 760 // CNNVD: CNNVD-199911-009

SOURCES

db:VULHUBid:VHN-927
db:BIDid:760
db:CNNVDid:CNNVD-199911-009
db:NVDid:CVE-1999-0946

LAST UPDATE DATE

2024-11-22T22:49:01.211000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-927date:2016-10-18T00:00:00
db:BIDid:760date:1999-11-02T00:00:00
db:CNNVDid:CNNVD-199911-009date:2005-05-02T00:00:00
db:NVDid:CVE-1999-0946date:2024-11-20T23:29:54.900

SOURCES RELEASE DATE

db:VULHUBid:VHN-927date:1999-11-02T00:00:00
db:BIDid:760date:1999-11-02T00:00:00
db:CNNVDid:CNNVD-199911-009date:1999-11-02T00:00:00
db:NVDid:CVE-1999-0946date:1999-11-02T05:00:00