This host is installed with Serenity/Mplay Audio Player and is prone to code execution vulnerability.

Successful exploitation could allow local/remote attackers to trick the user to access the crafted m3u playlist file, execute the crafted shellcode into the context of the affected system memory registers to take control of the machine running the affected application. Impact Level: System

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one. For updates refer to http://malsmith.kyabram.biz/serenity

There exists a stack overflow vulnerability within the 'MplayInputFile()' function in 'src/plgui.c' that fails to sanitize user input while the user crafts his/her own malicious playlist 'm3u' file.

Serenity/Mplay Audio Player 3.2.3.0 and prior on Windows.

• http://packetstormsecurity.org/0911-exploits/serenityaudio-overflow.txt
• http://secunia.com/advisories/product/27998

---

Updated on 2015-03-25