Denial of Service : VUPlayer .asx Playlist File Buffer Overflow Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 145615 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900193

Categoría: Denial of Service

Título: VUPlayer .asx Playlist File Buffer Overflow Vulnerability

Resumen: VUPlayer is prone to a buffer overflow vulnerability.

Descripción: Summary:
VUPlayer is prone to a buffer overflow vulnerability.

Vulnerability Insight:
Certain .asx and .pls files fails to perform adequate boundary checks in
HREF attribute of a REF element via long .asf file. This can also be
exploited by a file composed entirely of 'A' characters.

Vulnerability Impact:
Attackers may leverage this issue by executing arbitrary code in the context
of an affected application and can cause denial of service condition.

Affected Software/OS:
VUPlayer version 2.49 (2.4.9.0) and prior on Windows.

Solution:
No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-0174
BugTraq ID: 33185
http://www.securityfocus.com/bid/33185
https://www.exploit-db.com/exploits/7709
https://www.exploit-db.com/exploits/7713
https://www.exploit-db.com/exploits/7714
https://www.exploit-db.com/exploits/7715
http://securityreason.com/securityalert/4918
XForce ISS Database: vuplayer-asx-bo(47851)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47851
Common Vulnerability Exposure (CVE) ID: CVE-2009-0181
Bugtraq: 20090106 VUPLAYER BufferOver flow POC (Google Search)
http://www.securityfocus.com/archive/1/499810/100/0/threaded
http://securityreason.com/securityalert/4921
XForce ISS Database: vuplayer-file-bo(48169)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48169
Common Vulnerability Exposure (CVE) ID: CVE-2009-0182
https://www.exploit-db.com/exploits/7695
http://packetstormsecurity.com/files/165489/VUPlayer-2.49-Buffer-Overflow.html
http://securityreason.com/securityalert/4923
XForce ISS Database: vuplayer-fileline-bo(48170)
https://exchange.xforce.ibmcloud.com/vulnerabilities/48170

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 145615 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900193
Categoría:	Denial of Service
Título:	VUPlayer .asx Playlist File Buffer Overflow Vulnerability
Resumen:	VUPlayer is prone to a buffer overflow vulnerability.
Descripción:	Summary: VUPlayer is prone to a buffer overflow vulnerability. Vulnerability Insight: Certain .asx and .pls files fails to perform adequate boundary checks in HREF attribute of a REF element via long .asf file. This can also be exploited by a file composed entirely of 'A' characters. Vulnerability Impact: Attackers may leverage this issue by executing arbitrary code in the context of an affected application and can cause denial of service condition. Affected Software/OS: VUPlayer version 2.49 (2.4.9.0) and prior on Windows. Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-0174 BugTraq ID: 33185 http://www.securityfocus.com/bid/33185 https://www.exploit-db.com/exploits/7709 https://www.exploit-db.com/exploits/7713 https://www.exploit-db.com/exploits/7714 https://www.exploit-db.com/exploits/7715 http://securityreason.com/securityalert/4918 XForce ISS Database: vuplayer-asx-bo(47851) https://exchange.xforce.ibmcloud.com/vulnerabilities/47851 Common Vulnerability Exposure (CVE) ID: CVE-2009-0181 Bugtraq: 20090106 VUPLAYER BufferOver flow POC (Google Search) http://www.securityfocus.com/archive/1/499810/100/0/threaded http://securityreason.com/securityalert/4921 XForce ISS Database: vuplayer-file-bo(48169) https://exchange.xforce.ibmcloud.com/vulnerabilities/48169 Common Vulnerability Exposure (CVE) ID: CVE-2009-0182 https://www.exploit-db.com/exploits/7695 http://packetstormsecurity.com/files/165489/VUPlayer-2.49-Buffer-Overflow.html http://securityreason.com/securityalert/4923 XForce ISS Database: vuplayer-fileline-bo(48170) https://exchange.xforce.ibmcloud.com/vulnerabilities/48170
Copyright	Copyright (C) 2009 Greenbone AG