BID:26069

COWON America jetAudio M3U File Processing Remote Buffer Overflow Vulnerability

Info

COWON America jetAudio M3U File Processing Remote Buffer Overflow Vulnerability

Bugtraq ID:	26069
Class:	Boundary Condition Error
CVE:	CVE-2007-5487
Remote:	Yes
Local:	No
Published:	Oct 14 2007 12:00AM
Updated:	May 07 2015 05:34PM
Credit:	Krystian Kloskowski (h07) <[email protected]> discovered this vulnerability.
Vulnerable:	COWON America jetAudio Plus 7.1.9 .4030 COWON America jetAudio Basic 8.0.2 COWON America jetAudio Basic 7.0.3

Not Vulnerable:

Discussion

COWON America jetAudio M3U File Processing Remote Buffer Overflow Vulnerability

jetAudio is prone to a remote buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it to an insufficiently sized buffer while processing M3U files.

Exploiting this issue allows attackers to execute arbitrary machine code in the context of users running the affected application.

The following are vulnerable:

jetAudio 7.0.3 and 8.0.2
jetAudio Plus 7.1.9.4030

Prior versions may also be affected.

Exploit / POC

COWON America jetAudio M3U File Processing Remote Buffer Overflow Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to process a maliciously crafted file.

The following exploit and proof-of-concept code is available:

/data/vulnerabilities/exploits/jetAudio_bof.py
/data/vulnerabilities/exploits/26069.py
/data/vulnerabilities/exploits/26069-3.pl
/data/vulnerabilities/exploits/26069-4.pl
/data/vulnerabilities/exploits/26069-5.py
/data/vulnerabilities/exploits/26069.pl
/data/vulnerabilities/exploits/26069-6.pl
/data/vulnerabilities/exploits/26069-7.py
/data/vulnerabilities/exploits/26069-8.pl

Solution / Fix

COWON America jetAudio M3U File Processing Remote Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

References

COWON America jetAudio M3U File Processing Remote Buffer Overflow Vulnerability

References:

jetAudio Homepage (JetAudio)
JetAudio Basic 7.0.3 BufferOverFlow PoC ([email protected])