Lucene search

FlexeraCVE-2009-1566

HistoryDec 03, 2009 - 6:30 p.m.

CVE-2009-1566

2009-12-0318:30:00

CWE-189

flexera

web.nvd.nist.gov

cve-2009-1566

integer overflow

roxio easy media creator

roxio creator 2010

remote code execution

image dimensions

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.065

Percentile

93.7%

JSON

Integer overflow in Roxio Easy Media Creator 9.0.136, and Roxio Creator 2010 before SP1, might allow remote attackers to execute arbitrary code via an image with crafted dimensions.

Affected configurations

Nvd

Node

roxiocreatorRange≤9.0.136

roxioeasy_media_creatorMatch9.0.136

VendorProductVersionCPE
roxiocreator*cpe:2.3:a:roxio:creator:*:*:*:*:*:*:*:*
roxioeasy_media_creator9.0.136cpe:2.3:a:roxio:easy_media_creator:9.0.136:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
roxio	creator	*	cpe:2.3:a:roxio:creator::::::::
roxio	easy_media_creator	9.0.136	cpe:2.3:a:roxio:easy_media_creator:9.0.136:::::::*

References

secunia.com/advisories/36069

secunia.com/secunia_research/2009-38/

www.securityfocus.com/archive/1/508165/100/0/threaded

www.securityfocus.com/bid/37183

www.vupen.com/english/advisories/2009/3375

exchange.xforce.ibmcloud.com/vulnerabilities/54496

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

7.8

Confidence

Low

EPSS

0.065

Percentile

93.7%

JSON

Related for CVE-2009-1566