PT-2010-1478 · Cowon · Jetaudio+1

Nine:Situations:Group

Published

2010-03-05

Updated

2018-10-10

CVE-2009-4668

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions jetAudio versions 7.5.2 through 7.5.3.15 JetCast.exe version 2.0.4.1109

Description The issue is related to a stack-based buffer overflow in JetCast.exe, which can be triggered by a long ID3 tag in an MP3 file, potentially allowing remote attackers to execute arbitrary code.

Recommendations For jetAudio versions 7.5.2 through 7.5.3.15, consider updating JetCast.exe to a version that is not affected by this issue. For JetCast.exe version 2.0.4.1109, avoid using it to play MP3 files with long ID3 tags until a patch is available. As a temporary workaround, consider restricting access to JetCast.exe or disabling its ability to process MP3 files with long ID3 tags.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2009-4668

Affected Products

Jetcast.Exe

Jetaudio

PT-2010-1478 · Cowon · Jetaudio+1

CVE-2009-4668

Weakness Enumeration

Related Identifiers

Affected Products

References · 6