Japan Vulnerability NotesJVN:66291445JVN#66291445 SonicStage CP buffer overflow vulnerability
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.5%
Sony SonicStage CP is software for music management. SonicStage CP contains a vulnerability that can be exploited to cause a buffer overflow when importing a specially crafted playlist file with the .m3u extension.
Impact
Importing a specially crafted playlist file with the .m3u extension can cause a buffer overflow, allowing a remote attacker to crash SonicStage CP and at the same time execute arbitrary code on the affected system.
Solution
Update the Software
Apply the latest update provided by the vendor.
For more information, refer to the vendor’s website.
Products Affected
- SonicStage Ver.4.0
- SonicStage Ver.4.1
- SonicStage Ver.4.2
- SonicStage Ver.4.3
For details, see the information provided by the vendor.
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
96.5%