Virtual DJ '.m3u' File Remote Stack Buffer Overflow Vulnerability

Bugtraq ID:	25512
Class:	Boundary Condition Error
CVE:	CVE-2007-4735
Remote:	Yes
Local:	No
Published:	Sep 03 2007 12:00AM
Updated:	May 07 2015 05:35PM
Credit:	0x58
Vulnerable:	Virtual DJ Virtual DJ Trial 6.1.2 Virtual DJ Virtual DJ Trial 6.0.6 Virtual DJ Virtual DJ Pro 6.0 Virtual DJ Virtual DJ 5.0
Not Vulnerable:

Virtual DJ '.m3u' File Remote Stack Buffer Overflow Vulnerability

Virtual DJ is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input.

Attackers may be able to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Virtual DJ 5.0 and Virtual DJ Pro 6.0 are vulnerable; other versions may also be affected.

Virtual DJ '.m3u' File Remote Stack Buffer Overflow Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to open a maliciously crafted '.m3u' file with the affected application.

The following exploits are available:

• /data/vulnerabilities/exploits/25512-3.c
• /data/vulnerabilities/exploits/25512-4.py
• /data/vulnerabilities/exploits/25512.pl
• /data/vulnerabilities/exploits/25512-2.c

Virtual DJ '.m3u' File Remote Stack Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

Virtual DJ '.m3u' File Remote Stack Buffer Overflow Vulnerability

References:

• Vendor Homepage (Virtual DJ)