Secunia Advisory: SA28765
Release Date: 2008-02-05
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Nero Media Player 1.x
This advisory is currently marked as unpatched!
- Companies can be alerted when a patch is released!
Description:
securfrog has discovered a vulnerability in Nero Media Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in NeroMediaPlayer.exe when loading .M3U playlist files. This can be exploited to cause a buffer overflow by e.g. loading a .M3U playlist file containing an overly long URI string.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 1.4.0.35. Other versions may also be affected.
Solution:
Do not open untrusted .M3U files.
Bollettino di Sicurezza
Release Date: 2008-02-05
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Nero Media Player 1.x
This advisory is currently marked as unpatched!
- Companies can be alerted when a patch is released!
Description:
securfrog has discovered a vulnerability in Nero Media Player, which can be exploited by malicious people to compromise a user's system.
The vulnerability is caused due to a boundary error in NeroMediaPlayer.exe when loading .M3U playlist files. This can be exploited to cause a buffer overflow by e.g. loading a .M3U playlist file containing an overly long URI string.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 1.4.0.35. Other versions may also be affected.
Solution:
Do not open untrusted .M3U files.
Bollettino di Sicurezza