CVE-2012-5876

Name of the Vulnerable Software and Affected Versions Nero MediaHome versions 4.5.8.0 and earlier

Description The issue is caused by multiple off-by-one errors in the NMMediaServerService.dll component. Remote attackers can exploit this by sending a long string in the request line or the HTTP Referer header to TCP port 54444, triggering a heap-based buffer overflow that leads to a denial of service (crash).

Recommendations For Nero MediaHome versions 4.5.8.0 and earlier, consider restricting access to TCP port 54444 to minimize the risk of exploitation. As a temporary workaround, avoid using long strings in the request line or the HTTP Referer header until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.