PT-2009-3665 · Php Live! · Php Live!

Nine:Situations:Group

Published

2009-03-25

Updated

2017-09-29

CVE-2009-1087

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions PPLive versions 1.9.21 and earlier

Description The issue allows remote attackers to execute arbitrary code via a UNC share pathname in the LoadModule argument to the (1) synacast, (2) Play, (3) pplsv, or (4) ppvod URI handler.

Recommendations For versions 1.9.21 and earlier, consider restricting access to the UNC share pathname in the LoadModule argument to minimize the risk of exploitation. As a temporary workaround, avoid using the LoadModule argument in the affected URI handlers until a fix is available.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2009-1087

Affected Products

Php Live!

PT-2009-3665 · Php Live! · Php Live!

CVE-2009-1087

Weakness Enumeration

Related Identifiers

Affected Products

References · 5