PT-2006-7007 · Blazevideo · Blazevideo Hdtv Player

Greg Linares

Published

2006-12-08

Updated

2017-10-19

CVE-2006-6396

CVSS v2.0

7.5

High

Vector

AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions BlazeVideo HDTV Player versions 2.1 and earlier BlazeVideo HDTV Player version 3.5

Description The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code via a long filename in a PLF playlist.

Recommendations For versions 2.1 and earlier, update to a version later than the fixed version, if available. For version 3.5, update to a version later than the fixed version, if available. As a temporary workaround, consider restricting the use of long filenames in PLF playlists to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2006-6396

Affected Products

Blazevideo Hdtv Player

PT-2006-7007 · Blazevideo · Blazevideo Hdtv Player

CVE-2006-6396

Weakness Enumeration

Related Identifiers

Affected Products

References · 5