PT-2007-7365 · Inmatrix · Zoom Player

Luigi Auriemma · Published 2007-12-27 · Updated 2018-10-15 · CVE-2007-6533

CVSS v2.0: 7.5 (High)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

Zoom Player versions 6.00 beta 2 and earlier

Description

The issue allows user-assisted remote attackers to execute arbitrary code via an HTTP link to a PLS file in a crafted ZPL file. This occurs because of a buffer overflow in Unicode handling when generating an error message.

Recommendations

For Zoom Player versions 6.00 beta 2 and earlier, update to a version later than 6.00 beta 2 to resolve the issue. As a temporary workaround, avoid opening crafted ZPL files and be cautious when following HTTP links to PLS files.

Exploit

Fix

Buffer Overflow


Weakness Enumeration

Related Identifiers

CVE-2007-6533

Affected Products

Zoom Player