Test ID:	1.3.6.1.4.1.25623.1.0.900597
Category:	Buffer overflow
Title:	TFM MMPlayer '.m3u' Buffer Overflow Vulnerability - July-09
Summary:	Check for the Version of TFM MMPlayer
Description:	Description: Overview: This host is installed with TFM MMPlayer and is prone to stack based Buffer Overflow bulnerability. Vulnerability Insight: This flaw is due to improper bounds checking when processing '.m3u' files and can be exploited via crafted '.m3u' playlist file containing an overly long string. Impact: Successful exploitation allows the attacker to execute arbitrary code on the system or cause the application to crash. Impact Level: Application Affected Software/OS: TFM MMPlayer version 2.0 to 2.2.0.30 on Windows. Fix: No solution or patch is available as of th 24th July, 2009. Information regarding this issue will be updated once the solution details are available. For updates refer to http://www.tfm.ro/mmplayer/top.html References: http://secunia.com/advisories/35605 http://www.milw0rm.com/exploits/9047 http://xforce.iss.net/xforce/xfdb/51442 CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2009-2566 http://www.exploit-db.com/exploits/9047 http://secunia.com/advisories/35605 XForce ISS Database: mmplayer-m3u-bo(51442) https://exchange.xforce.ibmcloud.com/vulnerabilities/51442
Copyright	Copyright (C) 2009 SecPod

This is only one of 58962 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.

New User Registration Email: UserID: Passwd: Please email me your monthly newsletters, informing the latest services, improvements & surveys. Please email me a vulnerability test announcement whenever a new test is added.     Privacy

Registered User Login   UserID:     Passwd:     Forgot userid or passwd? Email/Userid: