TFM MMPlayer '.m3u' Buffer Overflow Vulnerability - July-09 Network Vulnerability

Summary

This host is installed with TFM MMPlayer and is prone to stack based Buffer Overflow bulnerability.

Impact

Successful exploitation allows the attacker to execute arbitrary code on the system or cause the application to crash. Impact Level: Application

Solution

No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.

Insight

This flaw is due to improper bounds checking when processing '.m3u' files and can be exploited via crafted '.m3u' playlist file containing an overly long string.

Affected

TFM MMPlayer version 2.0 to 2.2.0.30 on Windows.

References

http://secunia.com/advisories/35605
http://xforce.iss.net/xforce/xfdb/51442

Updated on 2017-03-28

Severity

Classification

CVE CVE-2009-2566
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Adobe Reader 'XFDF' File Buffer Overflow Vulnerability (Windows)
Adobe PageMaker Font Structure Multiple BOF Vulnerabilities
Alpine tmail and dmail Buffer Overflow Vulnerabilities (Win)
Blazevideo HDTV Player PLF File Buffer Overflow Vulnerability
Adobe Air Buffer Overflow Vulnerability (Windows)

Take action and discover your vulnerabilities