cpe:/a:divx:divx_web_player:1.0.1 cpe:/a:divx:divx_web_player:1.0.2 cpe:/a:divx:divx_web_player:1.1 cpe:/a:divx:divx_web_player:1.1.0 cpe:/a:divx:divx_web_player:1.2 cpe:/a:divx:divx_web_player:1.2.0 cpe:/a:divx:divx_web_player:1.3 cpe:/a:divx:divx_web_player:1.3.0 cpe:/a:divx:divx_web_player:1.3.1 cpe:/a:divx:divx_web_player:1.4 cpe:/a:divx:divx_web_player:1.4.0:beta2 cpe:/a:divx:divx_web_player:1.4.1:beta1 cpe:/a:divx:divx_web_player:1.4.2:beta2 cpe:/a:divx:divx_web_player:1.4.2.7 CVE-2008-5259 2009-04-16T11:12:57.327-04:00 2017-08-07T21:33:12.953-04:00 9.3 NETWORK MEDIUM NONE COMPLETE COMPLETE COMPLETE http://nvd.nist.gov 2009-04-16T11:39:00.000-04:00 SECTRACK 1022061 BUGTRAQ 20090415 Secunia Research: DivX Web Player Stream Format Chunk Buffer Overflow SECUNIA 33196 BID 34523 VUPEN ADV-2009-1044 XF divxwebplayer-strf-bo(49908) MISC http://secunia.com/secunia_research/2008-57/ Integer signedness error in DivX Web Player 1.4.2.7, and possibly earlier versions, allows remote attackers to execute arbitrary code via a DivX file containing a crafted Stream Format (STRF) chunk, which triggers a heap-based buffer overflow.