Test ID:	1.3.6.1.4.1.25623.1.0.800146
Category:	Buffer overflow
Title:	Streamripper Multiple Buffer Overflow Vulnerabilities - Windows
Summary:	Streamripper is prone to multiple buffer overflow vulnerabilities.
Description:	Summary: Streamripper is prone to multiple buffer overflow vulnerabilities. Vulnerability Insight: The flaws are due to boundary error within, - http_parse_sc_header() function in lib/http.c, when parsing an overly long HTTP header starting with Zwitterion v. - http_get_pls() and http_get_m3u() functions in lib/http.c, when parsing a specially crafted pls playlist containing an overly long entry or m3u playlist containing an overly long File entry. Vulnerability Impact: Successful attack could lead to execution of arbitrary code by tricking a user into connecting to a malicious server or can even cause denial of service condition. Affected Software/OS: Streamripper Version 1.63.5 and earlier on Windows. Solution: Upgrade to Version 1.64.0 or later. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2008-4829 BugTraq ID: 32356 http://www.securityfocus.com/bid/32356 Bugtraq: 20081119 Secunia Research: Streamripper Multiple Buffer Overflows (Google Search) http://www.securityfocus.com/archive/1/498486/100/0/threaded Debian Security Information: DSA-1683 (Google Search) http://www.debian.org/security/2008/dsa-1683 http://secunia.com/secunia_research/2008-50/ http://www.osvdb.org/49997 http://secunia.com/advisories/32562 http://secunia.com/advisories/33052 http://secunia.com/advisories/33061 http://securityreason.com/securityalert/4647 http://www.vupen.com/english/advisories/2008/3207
Copyright	Copyright (C) 2008 Greenbone AG

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.