PT-2009-5568 · Ultimate Player · Ultimate Player

Hack4Love

Published

2009-09-18

Updated

2017-09-19

CVE-2009-3254

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Ultimate Player version 1.56 beta

Description The issue concerns multiple stack-based buffer overflows that allow remote attackers to execute arbitrary code. This can be achieved by providing a long string in either a .m3u or .upl playlist file.

Recommendations For Ultimate Player version 1.56 beta, update to a version that fixes the buffer overflow issues to prevent remote code execution.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2009-3254

Affected Products

Ultimate Player

PT-2009-5568 · Ultimate Player · Ultimate Player

CVE-2009-3254

Weakness Enumeration

Related Identifiers

Affected Products

References · 4