RETIRED: Virtual DJ M3U File Buffer Overflow Vulnerability
BID:25513
Info
| Bugtraq ID: | 25513 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Sep 02 2007 12:00AM |
| Updated: | Jun 05 2009 10:39PM |
| Credit: | 0x58 is credited with the discovery of this issue. |
| Vulnerable: | Virtual DJ Virtual DJ 5.0 |
| Not Vulnerable: | |
Discussion
Virtual DJ is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data.
Attackers may attempt to exploit this issue by coercing users to access malicious M3U playlist files.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. This facilitates the remote compromise of affected computers.
Virtual DJ 5.0 is vulnerable; other versions may also be affected.
NOTE: This BID is being retired because it is a duplicate of BID 25512 (Virtual DJ '.m3u' File Remote Stack Buffer Overflow Vulnerability).
Exploit / POC
An exploit has been released.
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Virtual DJ 5.0 Local Buffer OverFlow (milw0rm)
- Virtual DJ Homepage (Virtual DJ)