VYPR
Vendor

Roxio

Products
8
CVEs
13
Across products
17
Status
Private

Products

8

Recent CVEs

13
  • CVE-2007-1559Apr 11, 2007
    risk 0.06cvss epss 0.32

    Multiple stack-based buffer overflows in SonicDVDDashVRNav.dll in Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via (1) unspecified long property values to SonicMediaPlayer.dll or (2) long arguments to unspecified methods in SonicMediaPlayer.dll.

  • CVE-2007-0348Mar 21, 2007
    risk 0.06cvss epss 0.35

    Stack-based buffer overflow in the IASystemInfo.dll ActiveX control in (1) InterActual Player 2.60.12.0717, (2) Roxio CinePlayer 3.2, (3) WinDVD 7.0.27.172, and possibly other products, allows remote attackers to execute arbitrary code via a long ApplicationType property.

  • CVE-2008-4384Oct 7, 2008
    risk 0.05cvss epss 0.29

    Multiple stack-based buffer overflows in MGI Software LPViewer ActiveX control (LPControl.dll), as acquired by Roxio and iseemedia, allow remote attackers to execute arbitrary code via the (1) url, (2) toolbar, and (3) enableZoomPastMax methods.

  • CVE-2009-4841May 6, 2010
    risk 0.04cvss epss 0.07

    Heap-based buffer overflow in the SonicMediaPlayer ActiveX control in SonicMediaPlayer.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the DiskType method. NOTE: this might overlap CVE-2007-1559.

  • CVE-2009-4840May 6, 2010
    risk 0.04cvss epss 0.08

    Heap-based buffer overflow in the IAManager ActiveX control in IAManager.dll in Roxio CinePlayer 3.2 allows remote attackers to execute arbitrary code via a long argument to the SetIAPlayerName method.

  • CVE-2010-5236Sep 7, 2012
    risk 0.03cvss epss 0.01

    Untrusted search path vulnerability in Roxio Easy Media Creator Home 9.0.136 allows local users to gain privileges via a Trojan horse homeutils9.dll file in the current working directory, as demonstrated by a directory that contains a .roxio, .c2d, or .gi file. NOTE: some of…

  • CVE-2010-5195Sep 6, 2012
    risk 0.03cvss epss 0.01

    Untrusted search path vulnerability in Roxio MyDVD 9 allows local users to gain privileges via a Trojan horse HomeUtils9.dll file in the current working directory, as demonstrated by a directory that contains a .dmsd or .dmsm file. NOTE: some of these details are obtained from…

  • CVE-2006-4866Sep 19, 2006
    risk 0.03cvss epss 0.01

    Buffer overflow in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via a long extension argument.

  • CVE-2009-1566Dec 3, 2009
    risk 0.01cvss epss 0.07

    Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio Creator 2010 before SP1, might allow remote attackers to execute arbitrary code via an image with crafted dimensions.

  • CVE-2007-3829Jul 17, 2007
    risk 0.01cvss epss 0.08

    Multiple stack-based buffer overflows in (a) InterActual Player 2.60.12.0717 and (b) Roxio CinePlayer 3.2 allow remote attackers to execute arbitrary code via a (1) long FailURL attribute in the IAMCE ActiveX Control (IAMCE.dll) or a (2) long URLCode attribute in the IAKey…

  • CVE-2022-46662Dec 21, 2022
    risk 0.00cvss epss 0.00

    Roxio Creator LJB starts another program with an unquoted file path. Since a registered Windows service path contains spaces and are unquoted, if a malicious executable is placed on a certain path, the executable may be executed with the privilege of the Windows service. The…

  • CVE-2006-4801Sep 14, 2006
    risk 0.00cvss epss 0.00

    Race condition in Deja Vu, as used in Roxio Toast Titanium 7 and possibly other products, allows local users to execute arbitrary code via temporary files, including dejavu_manual.rb, which are executed with raised privileges.

  • CVE-2004-1398Dec 31, 2004
    risk 0.00cvss epss 0.00

    Format string vulnerability in prelink.c in kextload in Apple OS X, as used by TDIXSupport in Roxio Toast Titanium and possibly other products, allows local users to execute arbitrary code via format string specifiers in the extension argument.