Buffer overflow : Mini-Stream Multiple Products Stack Overflow Vulnerability

Búsqueda de Vulnerabilidad		Buscar 324607 Descripciones CVE y 146377 Descripciones de Pruebas, accesos 10,000+ referencias cruzadas.
	Pruebas CVE Todos

ID de Prueba: 1.3.6.1.4.1.25623.1.0.900646

Categoría: Buffer overflow

Título: Mini-Stream Multiple Products Stack Overflow Vulnerability

Resumen: Mini-Stream products is prone to a stack overflow vulnerability.

Descripción: Summary:
Mini-Stream products is prone to a stack overflow vulnerability.

Vulnerability Insight:
Inadequate boundary checks error of user supplied input to
Mini-stream products which causes stack overflow while processing .ram and
.asx files with overly long URIs.

Vulnerability Impact:
Successful exploitation will let the attacker craft malicious
'asx' or 'ram' files and execute arbitrary codes to cause stack overflow in
the context of the affected application.

Affected Software/OS:
Ripper version 3.0.1.1 (3.0.1.5) and prior
RM-MP3 Converter version 3.0.0.7 and prior
ASXtoMP3 Converter version 3.0.0.7 and prior

Solution:
No known solution was made available for at least one year since the disclosure
of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer
release, disable respective features, remove the product or replace the product by another one.

CVSS Score:
9.3

CVSS Vector:
AV:N/AC:M/Au:N/C:C/I:C/A:C

Referencia Cruzada: Common Vulnerability Exposure (CVE) ID: CVE-2009-1642
BugTraq ID: 34860
http://www.securityfocus.com/bid/34860
BugTraq ID: 34864
http://www.securityfocus.com/bid/34864
https://www.exploit-db.com/exploits/8629
https://www.exploit-db.com/exploits/8630
https://packetstormsecurity.com/files/144558/ASX-To-MP3-Converter-Stack-Overflow.html
XForce ISS Database: asxmp3-ram-asxf-bo(50374)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50374
Common Vulnerability Exposure (CVE) ID: CVE-2009-1641
https://www.exploit-db.com/exploits/8631
https://www.exploit-db.com/exploits/8632
XForce ISS Database: ripper-ram-asx-bo(50375)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50375
Common Vulnerability Exposure (CVE) ID: CVE-2009-1645
https://www.exploit-db.com/exploits/8633
https://www.exploit-db.com/exploits/8634
XForce ISS Database: easyrmmp3-ram-asx-bo(50376)
https://exchange.xforce.ibmcloud.com/vulnerabilities/50376

Copyright Copyright (C) 2009 Greenbone AG

Esta es sólo una de 146377 pruebas de vulnerabilidad en nuestra serie de pruebas. Encuentre más sobre cómo ejecutar una auditoría de seguridad completa.
Para ejecutar una prueba gratuita de esta vulnerabilidad contra su sistema, regístrese ahora.

ID de Prueba:	1.3.6.1.4.1.25623.1.0.900646
Categoría:	Buffer overflow
Título:	Mini-Stream Multiple Products Stack Overflow Vulnerability
Resumen:	Mini-Stream products is prone to a stack overflow vulnerability.
Descripción:	Summary: Mini-Stream products is prone to a stack overflow vulnerability. Vulnerability Insight: Inadequate boundary checks error of user supplied input to Mini-stream products which causes stack overflow while processing .ram and .asx files with overly long URIs. Vulnerability Impact: Successful exploitation will let the attacker craft malicious 'asx' or 'ram' files and execute arbitrary codes to cause stack overflow in the context of the affected application. Affected Software/OS: Ripper version 3.0.1.1 (3.0.1.5) and prior RM-MP3 Converter version 3.0.0.7 and prior ASXtoMP3 Converter version 3.0.0.7 and prior Solution: No known solution was made available for at least one year since the disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. CVSS Score: 9.3 CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Referencia Cruzada:	Common Vulnerability Exposure (CVE) ID: CVE-2009-1642 BugTraq ID: 34860 http://www.securityfocus.com/bid/34860 BugTraq ID: 34864 http://www.securityfocus.com/bid/34864 https://www.exploit-db.com/exploits/8629 https://www.exploit-db.com/exploits/8630 https://packetstormsecurity.com/files/144558/ASX-To-MP3-Converter-Stack-Overflow.html XForce ISS Database: asxmp3-ram-asxf-bo(50374) https://exchange.xforce.ibmcloud.com/vulnerabilities/50374 Common Vulnerability Exposure (CVE) ID: CVE-2009-1641 https://www.exploit-db.com/exploits/8631 https://www.exploit-db.com/exploits/8632 XForce ISS Database: ripper-ram-asx-bo(50375) https://exchange.xforce.ibmcloud.com/vulnerabilities/50375 Common Vulnerability Exposure (CVE) ID: CVE-2009-1645 https://www.exploit-db.com/exploits/8633 https://www.exploit-db.com/exploits/8634 XForce ISS Database: easyrmmp3-ram-asx-bo(50376) https://exchange.xforce.ibmcloud.com/vulnerabilities/50376
Copyright	Copyright (C) 2009 Greenbone AG