PT-2009-3144 · Elecard · Elecard Mpeg Player

Abo Mohamed

Published

2009-02-10

Updated

2017-09-29

CVE-2009-0491

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Elecard MPEG Player version 5.5 build 15884.081218

Description The issue is a stack-based buffer overflow that allows remote attackers to execute arbitrary code. This can be achieved by using a M3U file that contains a long URL.

Recommendations For Elecard MPEG Player version 5.5 build 15884.081218, consider avoiding the use of M3U files with long URLs until a patch is available. As a temporary workaround, restrict the handling of M3U files to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2009-0491

Affected Products

Elecard Mpeg Player

PT-2009-3144 · Elecard · Elecard Mpeg Player

CVE-2009-0491

Weakness Enumeration

Related Identifiers

Affected Products

References · 5