Test ID:	1.3.6.1.4.1.25623.1.0.902346
Category:	Buffer overflow
Title:	PIPI Player PIPIWebPlayer ActiveX Control Buffer Overflow Vulnerability
Summary:	Check for the version of PIPI Player
Description:	Overview: This host is installed with PIPI Player and is prone to buffer overflow vulnerability. Vulnerability Insight: The flaw is due to an error when processing the 'PlayURL()' and 'PlayURLWithLocalPlayer()' methods. This can be exploited to cause a stack-based buffer overflow via an overly long string passed to the methods. Impact: Successful exploitation will allow remote attackers to execute arbitrary code in the context of the application. Impact Level: Application. Affected Software: PIPI Player version 2.8.0.0 Fix: No solution or patch is available as of 28th Febraury, 2011. Information regarding this issue will update once the solution details are available. For updates refer to http://pipi.cn/down/index.html References: http://secunia.com/advisories/43394 http://xforce.iss.net/xforce/xfdb/65537 http://www.wooyun.org/bugs/wooyun-2010-01383
Cross-Ref:	BugTraq ID: 46468 Common Vulnerability Exposure (CVE) ID: CVE-2011-1065 http://www.wooyun.org/bugs/wooyun-2010-01382 http://www.wooyun.org/bugs/wooyun-2010-01383 http://www.securityfocus.com/bid/46468 http://secunia.com/advisories/43394 XForce ISS Database: pipiplayer-activex-control-bo(65537) http://xforce.iss.net/xforce/xfdb/65537
Copyright	Copyright (C) 2011 SecPod

This is only one of 32582 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: