Lucene search
Copyright (C) 2009 SecPodOPENVAS:900459HistoryFeb 20, 2009 - 12:00 a.m.
Euphonics Audio Player Buffer Overflow Vulnerability
2009-02-2000:00:00
Copyright (C) 2009 SecPod
plugins.openvas.org
9
EPSS
0.738
Percentile
98.2%
This host is running Euphonics Audio Player and is prone to Buffer
Overflow Vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_euphonics_player_bof_vuln.nasl 5369 2017-02-20 14:48:07Z cfi $
#
# Euphonics Audio Player Buffer Overflow Vulnerability
#
# Authors:
# Sujit Ghosal <[email protected]>
#
# Copyright:
# Copyright (c) 2009 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
tag_impact = "Successful exploitation will let the attacker execute arbitrary codes in the
context of the application through crafted playlist files 'file.pls' with
overly long data which may lead to crashing of the application.
Impact level: Application/System";
tag_affected = "Euphonics Audio Player with AdjMmsEng.dll file version 7.11.2.7 and prior.";
tag_insight = "The vulnerability exists in AdjMmsEng.dll file of multiple MultiMedia Soft
audio components for .NET. This flaw arises due to failure in performing
adequate boundary checks on user supplied input to the application buffer.";
tag_solution = "Upgrade to the latest version
http://sourceforge.net/projects/euphonics";
tag_summary = "This host is running Euphonics Audio Player and is prone to Buffer
Overflow Vulnerability.";
if(description)
{
script_id(900459);
script_version("$Revision: 5369 $");
script_tag(name:"last_modification", value:"$Date: 2017-02-20 15:48:07 +0100 (Mon, 20 Feb 2017) $");
script_tag(name:"creation_date", value:"2009-02-20 17:40:17 +0100 (Fri, 20 Feb 2009)");
script_tag(name:"cvss_base", value:"9.3");
script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");
script_bugtraq_id(33589);
script_cve_id("CVE-2009-0476");
script_name("Euphonics Audio Player Buffer Overflow Vulnerability");
script_xref(name : "URL" , value : "http://secunia.com/Advisories/33817");
script_xref(name : "URL" , value : "http://secunia.com/advisories/33791");
script_xref(name : "URL" , value : "http://www.milw0rm.com/exploits/7958");
script_xref(name : "URL" , value : "http://www.milw0rm.com/exploits/7973");
script_xref(name : "URL" , value : "http://www.milw0rm.com/exploits/7974");
script_xref(name : "URL" , value : "http://www.vupen.com/english/advisories/2009/0316");
script_tag(name:"qod_type", value:"executable_version");
script_category(ACT_GATHER_INFO);
script_copyright("Copyright (C) 2009 SecPod");
script_family("Buffer overflow");
script_dependencies("secpod_reg_enum.nasl");
script_mandatory_keys("SMB/WindowsVersion");
script_require_ports(139, 445);
script_tag(name : "affected" , value : tag_affected);
script_tag(name : "insight" , value : tag_insight);
script_tag(name : "solution" , value : tag_solution);
script_tag(name : "summary" , value : tag_summary);
script_tag(name : "impact" , value : tag_impact);
exit(0);
}
include("smb_nt.inc");
include("version_func.inc");
include("secpod_smb_func.inc");
if(!get_kb_item("SMB/WindowsVersion")){
exit(0);
}
key = "SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\";
if(!registry_key_exists(key:key)){
exit(0);
}
key2 = "SOFTWARE\Microsoft\Windows\CurrentVersion\";
foreach item (registry_enum_keys(key:key))
{
value = registry_get_sz(key:key + item, item:"DisplayName");
if("Euphonics" >< value)
{
progDir = registry_get_sz(key:key2, item:"ProgramFilesDir");
phonicsPath = progDir + "\Euphonics\AdjMmsEng.dll";
break;
}
}
if(!progDir){
exit(0);
}
share = ereg_replace(pattern:"([A-Z]):.*",replace:"\1$",string:phonicsPath);
file = ereg_replace(pattern:"[A-Z]:(.*)",replace:"\1",string:phonicsPath);
version = GetVer(file:file, share:share);
if(version == NULL){
exit(0);
}
# Grep for 'AdjMmsEng.dll' version less or equal to 7.11.2.7
if(version_is_less_equal(version:version, test_version:"7.11.2.7")){
security_message(0);
}
Related
metasploit
metasploit
Audio Workstation 6.4.2.4.3 pls Buffer Overflow
2009-12-10 20:46:53
Audiotran 1.4.1 (PLS File) Stack Buffer Overflow
2010-01-28 19:24:41
prion
prion
Stack overflow
2009-02-08 21:30:00
nvd
nvd
CVE-2009-0476
2009-02-08 21:30:09
exploitdb
exploitdb
Audio Workstation 6.4.2.4.3 - '.pls' Local Buffer Overflow (Metasploit)
2009-12-09 00:00:00
Audio Workstation 6.4.2.4.3 pls Buffer Overflow
2010-09-25 00:00:00
Audiotran 1.4.1 - '.pls' Local Stack Buffer Overflow (Metasploit)
2010-01-28 00:00:00
packetstorm
packetstorm
Audiotran 1.4.1 (PLS File) Stack Buffer Overflow
2010-02-05 00:00:00
Audio Workstation 6.4.2.4.3 pls Buffer Overflow
2009-12-31 00:00:00
openvas
openvas
MultiMedia Soft Audio Products Buffer Overflow Vulnerability
2009-02-20 00:00:00
Euphonics Audio Player Buffer Overflow Vulnerability
2009-02-20 00:00:00
MultiMedia Soft Audio Products Buffer Overflow Vulnerability
2009-02-20 00:00:00
checkpoint_advisories
checkpoint_advisories
Audiotran 1.4.1 (PLS File) Stack Buffer Overflow (CVE-2009-0476)
2017-02-13 00:00:00
cvelist
cvelist
CVE-2009-0476
2009-02-08 21:00:00
cve
cve
CVE-2009-0476
2009-02-08 21:30:09