BaoFeng Storm ActiveX Control Buffer Overflow Vulnerability

Summary
This host is installed with BaoFeng Storm ActiveX and is prone to Buffer Overflow vulnerability.
Impact
Attacker may exploit this issue to execute arbitrary script code and may cause denial of service. Impact Level: Application
Solution
Upgarde to the latest BaoFeng Storm version 3.9.05.10 http://bbs.baofeng.com/read.php?tid=121630
Insight
A boundary error in the MPS.StormPlayer.1 ActiveX control (mps.dll) while processing overly large argument passed to the 'OnBeforeVideoDownload()' method leads to buffer overflow.
Affected
BaoFeng Storm mps.dll version 3.9.4.27 and prior on Windows.
References

Updated on 2017-03-28