PT-2009-6175 · Faslo · Faslo Player
Hack4Love
·
Published
2009-11-18
·
Updated
2017-09-19
·
CVE-2009-3969
CVSS v2.0
9.3
High
| Vector | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Faslo Player version 7.0
Description
The issue is a stack-based buffer overflow that can be triggered by a long string in a .m3u playlist file, allowing remote attackers to cause a denial of service, such as an application crash, or possibly execute arbitrary code.
Recommendations
For Faslo Player version 7.0, consider avoiding the use of long strings in .m3u playlist files until a patch is available. As a temporary workaround, restrict the processing of .m3u files to minimize the risk of exploitation.
Exploit
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Faslo Player