Lucene search

[email protected]CVE-2009-2650

HistoryJul 30, 2009 - 7:30 p.m.

CVE-2009-2650

2009-07-3019:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-2650

sorcerer software

multimedia jukebox

buffer overflow

denial of service

remote attackers

arbitrary code

m3u

pst

nvd

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.5 High

AI Score

Confidence

High

0.965 High

EPSS

Percentile

99.6%

JSON

Heap-based buffer overflow in Sorcerer Software MultiMedia Jukebox 4.0 Build 020124 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a crafted (1) .m3u or possibly (2) .pst file.

Affected configurations

NVD

Node

sorcerersoftwaremultimedia_jukeboxMatch4.0

CPENameOperatorVersion
sorcerersoftware:multimedia_jukeboxsorcerersoftware multimedia jukeboxeq4.0

CPE	Name	Operator	Version
sorcerersoftware:multimedia_jukebox	sorcerersoftware multimedia jukebox	eq	4.0

References

secunia.com/advisories/35860

www.exploit-db.com/exploits/9173

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.5 High

AI Score

Confidence

High

0.965 High

EPSS

Percentile

99.6%

JSON

Related for CVE-2009-2650

exploitdb1 nvd1 packetstorm1 prion1 cvelist1