SAINT CorporationSAINT:295AEDC59D4D17030655E28355D5B0DBCoCSoft Stream Down Stack Overflow
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
93.9%
Added: 01/10/2012
CVE: CVE-2011-5052
BID: 51190
OSVDB: 78043
Background
CoCSoft Stream Down is a streaming media download tool.
Problem
The CoCSoft Stream Down HTTP client implementation in version 6.8 and prior does not properly validate HTTP responses. This vulnerability may allow an attacker to trick a user into downloading a specially crafted malicious stream which may result in giving the attacker control of execution on the target system.
Resolution
No updates are available at this time.
References
<http://www.stream-down.cocsoft.com/>
Limitations
This exploit has been tested against CoCSoft Stream Down 6.6.0 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
Platforms
Windows
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
EPSS
Percentile
93.9%