Lucene search

[email protected]CVE-2009-1642

HistoryMay 15, 2009 - 3:30 p.m.

CVE-2009-1642

2009-05-1515:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-1642

buffer overflow

stack-based

mini-stream asx to mp3 converter

remote code execution

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.567 Medium

EPSS

Percentile

97.7%

JSON

Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. NOTE: the latter was also subsequently reported in “prior to 3.1.3.7.”

Affected configurations

NVD

Node

mini-streammini-stream_to_mp3_converterMatch3.0.0.7

CPENameOperatorVersion
mini-stream:mini-stream_to_mp3_convertermini-stream mini-stream to mp3 convertereq3.0.0.7

CPE	Name	Operator	Version
mini-stream:mini-stream_to_mp3_converter	mini-stream mini-stream to mp3 converter	eq	3.0.0.7

References

www.securityfocus.com/bid/34860

www.securityfocus.com/bid/34864

exchange.xforce.ibmcloud.com/vulnerabilities/50374

packetstormsecurity.com/files/144558/ASX-To-MP3-Converter-Stack-Overflow.html

www.exploit-db.com/exploits/8629

www.exploit-db.com/exploits/8630

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.9 High

AI Score

Confidence

Low

0.567 Medium

EPSS

Percentile

97.7%

JSON

Related for CVE-2009-1642

prion1 cvelist1 nvd2 cve1 openvas2