
Necmettin Coskun

#21597 of 53,633
11.1 Total CVSS
Vulnerabilities · 2
Medium: 2
PT-2014-2098 · 6.8 · 2014-05-23
Microp · Microp · CVE-2010-5299

**Name of the Vulnerable Software and Affected Versions**
MicroP version 0.1.1.1600

**Description**
The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by providing a crafted .mppl file. The overflow is reportedly related to the `lpFileName` parameter of the CreateFileA function, although it is likely caused by a separate, unnamed function.

**Recommendations**
For MicroP version 0.1.1.1600, consider restricting access to the CreateFileA function or the unnamed function causing the overflow until a patch is available. Avoid using the `lpFileName` parameter with untrusted input in the affected function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

PT-2014-3329 · 4.3 · 2014-01-08
Hanso · Hanso Player · CVE-2013-7280

**Name of the Vulnerable Software and Affected Versions**
Hanso Player versions 2.1.0 and earlier, 2.5.0

**Description**
The issue allows remote attackers to cause a denial of service, resulting in a crash, by providing a long string in a .m3u file.

**Recommendations**
For versions 2.1.0 and earlier, and version 2.5.0, update to a version later than 2.5.0 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.