Lucene search

[email protected]CVE-2009-3812

HistoryOct 27, 2009 - 4:30 p.m.

CVE-2009-3812

2009-10-2716:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-3812

otsav

buffer overflow

remote code execution

playlist

.ofl file

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.166 Low

EPSS

Percentile

96.1%

JSON

Heap-based buffer overflow in OtsAV DJ trial version 1.85.64.0, Radio trial version 1.85.64.0, TV trial version 1.85.64.0, and Free version 1.77.001 allows remote attackers to execute arbitrary code via a long playlist in an Ots File List (.ofl) file.

Affected configurations

NVD

Node

otslabsotsav_djMatch1.85.64.0trial

otslabsotsav_radioMatch1.85.64.0trial

otslabsotsav_tvMatch1.85.64.0trial

CPENameOperatorVersion
otslabs:otsav_djotslabs otsav djeq1.85.64.0
otslabs:otsav_radiootslabs otsav radioeq1.85.64.0
otslabs:otsav_tvotslabs otsav tveq1.85.64.0

CPE	Name	Operator	Version
otslabs:otsav_dj	otslabs otsav dj	eq	1.85.64.0
otslabs:otsav_radio	otslabs otsav radio	eq	1.85.64.0
otslabs:otsav_tv	otslabs otsav tv	eq	1.85.64.0

References

osvdb.org/55747

packetstormsecurity.org/0907-exploits/otsav-overflow.txt

secunia.com/advisories/35738

www.exploit-db.com/exploits/9113

www.vupen.com/english/advisories/2009/1861

exchange.xforce.ibmcloud.com/vulnerabilities/51628

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.1 High

AI Score

Confidence

High

0.166 Low

EPSS

Percentile

96.1%

JSON

Related for CVE-2009-3812

cvelist1 prion1 nvd1