SAINT CorporationSAINT:05C9553CDC6C039B6750FA169CE67562CoCSoft Stream Down Stack Overflow
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.047 Low
EPSS
Percentile
92.7%
Added: 01/10/2012
CVE: CVE-2011-5052
BID: 51190
OSVDB: 78043
Background
CoCSoft Stream Down is a streaming media download tool.
Problem
The CoCSoft Stream Down HTTP client implementation in version 6.8 and prior does not properly validate HTTP responses. This vulnerability may allow an attacker to trick a user into downloading a specially crafted malicious stream which may result in giving the attacker control of execution on the target system.
Resolution
No updates are available at this time.
References
<http://www.stream-down.cocsoft.com/>
Limitations
This exploit has been tested against CoCSoft Stream Down 6.6.0 on Windows XP SP3 English (DEP OptIn) and Windows 7 SP1 (DEP OptIn).
Platforms
Windows
Related
6.8 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
0.047 Low
EPSS
Percentile
92.7%