Lucene search

FlexeraCVE-2013-3260

HistoryMar 03, 2014 - 4:55 p.m.

CVE-2013-3260

2014-03-0316:55:03

CWE-119

flexera

web.nvd.nist.gov

cve-2013-3260

buffer overflow

inmatrix zoom player

remote code execution

bmp file

security vulnerability

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

High

EPSS

0.073

Percentile

94.1%

JSON

Heap-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 allows remote attackers to execute arbitrary code via a large biClrUsed value in a BMP file.

Affected configurations

Nvd

Node

inmatrixzoom_playerRange≤8.6.1

inmatrixzoom_playerMatch8.00

inmatrixzoom_playerMatch8.1.1

inmatrixzoom_playerMatch8.1.5

inmatrixzoom_playerMatch8.1.6

inmatrixzoom_playerMatch8.5

inmatrixzoom_playerMatch8.6

inmatrixzoom_playerMatch8.10

VendorProductVersionCPE
inmatrixzoom_player*cpe:2.3:a:inmatrix:zoom_player:*:*:*:*:*:*:*:*
inmatrixzoom_player8.00cpe:2.3:a:inmatrix:zoom_player:8.00:*:*:*:*:*:*:*
inmatrixzoom_player8.1.1cpe:2.3:a:inmatrix:zoom_player:8.1.1:*:*:*:*:*:*:*
inmatrixzoom_player8.1.5cpe:2.3:a:inmatrix:zoom_player:8.1.5:*:*:*:*:*:*:*
inmatrixzoom_player8.1.6cpe:2.3:a:inmatrix:zoom_player:8.1.6:*:*:*:*:*:*:*
inmatrixzoom_player8.5cpe:2.3:a:inmatrix:zoom_player:8.5:*:*:*:*:*:*:*
inmatrixzoom_player8.6cpe:2.3:a:inmatrix:zoom_player:8.6:*:*:*:*:*:*:*
inmatrixzoom_player8.10cpe:2.3:a:inmatrix:zoom_player:8.10:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
inmatrix	zoom_player	*	cpe:2.3:a:inmatrix:zoom_player::::::::
inmatrix	zoom_player	8.00	cpe:2.3:a:inmatrix:zoom_player:8.00:::::::*
inmatrix	zoom_player	8.1.1	cpe:2.3:a:inmatrix:zoom_player:8.1.1:::::::*
inmatrix	zoom_player	8.1.5	cpe:2.3:a:inmatrix:zoom_player:8.1.5:::::::*
inmatrix	zoom_player	8.1.6	cpe:2.3:a:inmatrix:zoom_player:8.1.6:::::::*
inmatrix	zoom_player	8.5	cpe:2.3:a:inmatrix:zoom_player:8.5:::::::*
inmatrix	zoom_player	8.6	cpe:2.3:a:inmatrix:zoom_player:8.6:::::::*
inmatrix	zoom_player	8.10	cpe:2.3:a:inmatrix:zoom_player:8.10:::::::*

References

osvdb.org/94036

secunia.com/advisories/52698

secunia.com/secunia_research/2013-05

www.securityfocus.com/bid/60420

exchange.xforce.ibmcloud.com/vulnerabilities/84836

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

8.3

Confidence

High

EPSS

0.073

Percentile

94.1%

JSON

Related for CVE-2013-3260