CVE-2009-2934

Name of the Vulnerable Software and Affected Versions: Programmed Integration PIPL versions 2.5.0 through 2.5.0D

Description: The issue is related to multiple stack-based buffer overflows in the xaudio.dll component. This can be exploited by remote attackers who send a long string in either a .pls or .pl playlist file, potentially allowing them to execute arbitrary code.

Recommendations: For Programmed Integration PIPL versions 2.5.0 through 2.5.0D, consider restricting the handling of .pls and .pl playlist files to minimize the risk of exploitation until a patch is available. Avoid using the xaudio.dll component with untrusted input. At the moment, there is no information about a newer version that contains a fix for this vulnerability.