MediaMonkey URI Handling Multiple Denial of Service Vulnerabilities
BID:30251
Info
MediaMonkey URI Handling Multiple Denial of Service Vulnerabilities
| Bugtraq ID: | 30251 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 16 2008 12:00AM |
| Updated: | Jul 17 2008 07:18PM |
| Credit: | Shinnok |
| Vulnerable: |
Ventis Media MediaMonkey 3.0.3 |
| Not Vulnerable: | |
Discussion
MediaMonkey URI Handling Multiple Denial of Service Vulnerabilities
MediaMonkey is prone to two denial-of-service vulnerabilities because it fails to handle user-supplied input.
An attacker can exploit these issues to crash the application. Given the nature of these vulnerabilities, the attacker may also be able to execute arbitrary code, but this has not been confirmed.
MediaMonkey 3.0.3 is vulnerable; other versions may also be affected.
MediaMonkey is prone to two denial-of-service vulnerabilities because it fails to handle user-supplied input.
An attacker can exploit these issues to crash the application. Given the nature of these vulnerabilities, the attacker may also be able to execute arbitrary code, but this has not been confirmed.
MediaMonkey 3.0.3 is vulnerable; other versions may also be affected.
Exploit / POC
MediaMonkey URI Handling Multiple Denial of Service Vulnerabilities
An attacker can exploit these issues by enticing an unsuspecting victim into following a malicious URI.
The following exploit code is available:
An attacker can exploit these issues by enticing an unsuspecting victim into following a malicious URI.
The following exploit code is available:
Solution / Fix
MediaMonkey URI Handling Multiple Denial of Service Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
MediaMonkey URI Handling Multiple Denial of Service Vulnerabilities
References:
References:
- MediaMonkey Homepage (Ventis Media)