PT-2009-6039 · Ots · Otsav Free+3
Stack
·
Published
2009-10-27
·
Updated
2017-09-19
·
CVE-2009-3812
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
OtsAV DJ trial version 1.85.64.0
OtsAV Radio trial version 1.85.64.0
OtsAV TV trial version 1.85.64.0
OtsAV Free version 1.77.001
Description
The issue is a heap-based buffer overflow that allows remote attackers to execute arbitrary code. This is achieved by using a long playlist in an Ots File List (.ofl) file.
Recommendations
For OtsAV DJ trial version 1.85.64.0, update to a version that fixes this issue.
For OtsAV Radio trial version 1.85.64.0, update to a version that fixes this issue.
For OtsAV TV trial version 1.85.64.0, update to a version that fixes this issue.
For OtsAV Free version 1.77.001, update to a version that fixes this issue.
As a temporary workaround, consider restricting the use of long playlists in .ofl files to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Otsav Dj
Otsav Free
Otsav Radio
Otsav Tv