Groovy Media Player '.mp3' File Remote Stack Buffer Overflow Vulnerability
BID:58888
Info
Groovy Media Player '.mp3' File Remote Stack Buffer Overflow Vulnerability
| Bugtraq ID: | 58888 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2013-2760 |
| Remote: | Yes |
| Local: | No |
| Published: | Apr 05 2013 12:00AM |
| Updated: | Apr 05 2013 12:00AM |
| Credit: | Akshaysinh Vaghela |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Groovy Media Player '.mp3' File Remote Stack Buffer Overflow Vulnerability
Groovy Media Player is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
Groovy Media Player 3.2.0 is vulnerable; other versions may also be affected.
Groovy Media Player is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.
Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
Groovy Media Player 3.2.0 is vulnerable; other versions may also be affected.
Exploit / POC
Groovy Media Player '.mp3' File Remote Stack Buffer Overflow Vulnerability
An attacker must entice an unsuspecting victim into opening a malicious file.
The following exploit is available:
An attacker must entice an unsuspecting victim into opening a malicious file.
The following exploit is available:
Solution / Fix
Groovy Media Player '.mp3' File Remote Stack Buffer Overflow Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].