PT-2004-2229 · Yamt · Yamt

Published 2004-12-22 · Updated 2017-07-11 · CVE-2004-1302

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions: YAMT version 0.5
Description: The issue allows remote attackers to execute arbitrary commands via an MP3 file with double quotes in the Artist tag. This is due to a problem in the id3tag sort function in id3tag.c.
Recommendations: For YAMT version 0.5, consider disabling the id3tag sort function until a patch is available to prevent exploitation. Restrict access to MP3 files with double quotes in the Artist tag to minimize the risk of arbitrary command execution.
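
One way to act on the second recommendation, as an added example (not code from YAMT or from this advisory): a Python scanner that reads the Artist field from ID3v1 trailers and ID3v2.3/2.4 TPE1 frames and reports files where it contains a double quote. It assumes tags without an ID3v2 extended header or unsynchronisation; SAMPLE and all function names are constructed for illustration.

```python
"""Flag MP3 files whose ID3 Artist tag contains a double quote (added example)."""
import sys

# Constructed sample: minimal ID3v1 trailer with a quoted Artist (not a real file)
SAMPLE = (b"\xff\xfb" + b"TAG" + b"Title".ljust(30, b"\x00")
          + b'Some "Band"'.ljust(30, b"\x00") + b"\x00" * 65)

def _syncsafe(b):
    # ID3v2 sizes carry 7 bits per byte
    return (b[0] << 21) | (b[1] << 14) | (b[2] << 7) | b[3]

def id3v1_artist(data):
    """Artist from the 128-byte ID3v1 trailer, or None if absent."""
    tag = data[-128:]
    if len(tag) < 128 or tag[:3] != b"TAG":
        return None
    # "TAG" | title[30] | artist[30] | album[30] | year[4] | comment[30] | genre[1]
    return tag[33:63].split(b"\x00", 1)[0].decode("latin-1").rstrip()

def id3v2_artist(data):
    """Artist (TPE1 frame) from an ID3v2.3/2.4 tag, or None if absent."""
    if len(data) < 10 or data[:3] != b"ID3" or data[3] not in (3, 4):
        return None
    end = min(10 + _syncsafe(data[6:10]), len(data))
    pos = 10
    while pos + 10 <= end:
        frame_id, raw = data[pos:pos + 4], data[pos + 4:pos + 8]
        if frame_id == b"\x00\x00\x00\x00":
            break  # padding reached
        size = _syncsafe(raw) if data[3] == 4 else int.from_bytes(raw, "big")
        body = data[pos + 10:pos + 10 + size]
        if frame_id == b"TPE1" and body:
            codecs = {0: "latin-1", 1: "utf-16", 2: "utf-16-be", 3: "utf-8"}
            text = body[1:].decode(codecs.get(body[0], "latin-1"), "replace")
            return text.rstrip("\x00")
        pos += 10 + size
    return None

def flagged_artists(data):
    """Artist values (ID3v2 first, then ID3v1) that contain a double quote."""
    found = (id3v2_artist(data), id3v1_artist(data))
    return [a for a in found if a and '"' in a]

if __name__ == "__main__":
    if len(sys.argv) == 1:
        print("constructed sample:", flagged_artists(SAMPLE))
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            hits = flagged_artists(fh.read())
        if hits:
            print(f"{path}: quoted Artist tag {hits!r}")
```

Run it with MP3 paths as arguments to list files to hold back from YAMT 0.5; with no arguments it checks only the constructed sample.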


Related Identifiers

CVE-2004-1302

Affected Products

Yamt