CyberLink Power2Go Multiple Stack Buffer Overflow Vulnerabilities
BID:50997
Info
CyberLink Power2Go Multiple Stack Buffer Overflow Vulnerabilities
| Bugtraq ID: | 50997 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 09 2011 12:00AM |
| Updated: | Apr 18 2012 08:50PM |
| Credit: | Tom Gregory (modpr0be) of Spentera |
| Vulnerable: |
CyberLink Power2Go 8.0.0.1031 |
| Not Vulnerable: | |
Discussion
CyberLink Power2Go Multiple Stack Buffer Overflow Vulnerabilities
Power2Go is prone to multiple remote stack-based buffer-overflow vulnerabilities because of errors when processing certain files.
Remote attackers can exploit these issues by enticing an unsuspecting user into opening a maliciously crafted file.
Successful exploits will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.
eSignal 8.0.0.1031 is vulnerable; other versions may also be affected.
Power2Go is prone to multiple remote stack-based buffer-overflow vulnerabilities because of errors when processing certain files.
Remote attackers can exploit these issues by enticing an unsuspecting user into opening a maliciously crafted file.
Successful exploits will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.
eSignal 8.0.0.1031 is vulnerable; other versions may also be affected.
Exploit / POC
CyberLink Power2Go Multiple Stack Buffer Overflow Vulnerabilities
The following exploit code is available:
The following exploit code is available:
Solution / Fix
CyberLink Power2Go Multiple Stack Buffer Overflow Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
CyberLink Power2Go Multiple Stack Buffer Overflow Vulnerabilities
References:
References:
- Power2Go buffer overflow vulnerability (US-CERT)
- Power2Go Homepage (CyberLink)