dBpowerAMP Multiple Product ID3 Tags Overflow

2004-09-27T00:00:00
ID OSVDB:11127
Type osvdb
Reporter James Bercegay()
Modified 2004-09-27T00:00:00

Description

Vulnerability Description

A remote overflow exists in dBpowerAMP Music Converter and Audio Player. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted mp3 file containing malformed ID3 tags, a remote attacker can cause arbitrary code execution or cause the applications to crash resulting in a loss of integrity and/or availability.

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

A remote overflow exists in dBpowerAMP Music Converter and Audio Player. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted mp3 file containing malformed ID3 tags, a remote attacker can cause arbitrary code execution or cause the applications to crash resulting in a loss of integrity and/or availability.

References:

Vendor URL: http://www.dbpoweramp.com/ Security Tracker: 1011436 Security Tracker: 1011437 Secunia Advisory ID:12684 Related OSVDB ID: 11126 Related OSVDB ID: 10380 Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00052-09272004 ISS X-Force ID: 17535 ISS X-Force ID: 17539 Bugtraq ID: 11266