Abo Mohamed

**Name of the Vulnerable Software and Affected Versions** Elecard MPEG Player version 5.5 build 15884.081218 **Description** The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This can be achieved by using a M3U file that contains a long URL. **Recommendations** For Elecard MPEG Player version 5.5 build 15884.081218, consider avoiding the use of M3U files with long URLs until a patch is available. As a temporary workaround, restrict the handling of M3U files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** VUPlayer version 2.49 **Description** A stack-based buffer overflow issue allows remote attackers to execute arbitrary code via a long .asf URI in the `HREF` attribute of a `REF` element in a .asx file. **Recommendations** For VUPlayer version 2.49, at the moment, there is no information about a newer version that contains a fix for this vulnerability.