Lucene search

MitreCVE-2009-1068

HistoryMar 26, 2009 - 5:51 a.m.

CVE-2009-1068

2009-03-2605:51:52

CWE-119

mitre

web.nvd.nist.gov

cve-2009-1068

bs.player

buffer overflow

denial of service

arbitrary code execution

remote attackers

.bsl playlist file

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

0.121

Percentile

95.4%

JSON

Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file.

Affected configurations

Nvd

Node

bsplayerbs.playerMatch2.32free

bsplayerbs.playerMatch2.34pro

VendorProductVersionCPE
bsplayerbs.player2.32cpe:2.3:a:bsplayer:bs.player:2.32:free:*:*:*:*:*:*
bsplayerbs.player2.34cpe:2.3:a:bsplayer:bs.player:2.34:pro:*:*:*:*:*:*

Vendor	Product	Version	CPE
bsplayer	bs.player	2.32	cpe:2.3:a:bsplayer:bs.player:2.32:free::::::
bsplayer	bs.player	2.34	cpe:2.3:a:bsplayer:bs.player:2.34:pro::::::

References

osvdb.org/52841

retrogod.altervista.org/9sg_bsplayer_seh.html

secunia.com/advisories/34412

www.securityfocus.com/archive/1/502016/100/0/threaded

www.securityfocus.com/bid/34190

www.vupen.com/english/advisories/2009/0800

exchange.xforce.ibmcloud.com/vulnerabilities/49342

www.exploit-db.com/exploits/8249

www.exploit-db.com/exploits/8251

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8.1

Confidence

High

EPSS

0.121

Percentile

95.4%

JSON

Related for CVE-2009-1068