Free Mp3 Player '.mp3' File Remote Buffer Overflow Vulnerability
BID:51123
Info
| Bugtraq ID: | 51123 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2011-5043 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 19 2011 12:00AM |
| Updated: | Jan 10 2012 10:00PM |
| Credit: | JaMbA |
| Vulnerable: | TomatoSoft Free Mp3 Player 1.0 |
| Not Vulnerable: | |
Discussion
Free Mp3 Player is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.
Free Mp3 Player 1.0 is vulnerable; other versions may also be affected.
NOTE: Technical details corrected to properly reflect the issue.
Exploit / POC
The following proof of concept code is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
References:
- Free Mp3 Player 1.0 Product Page (Softpedia)