PT-2012-2142 · Koyote Soft · Free Mp3 Cd Ripper

Naxxo

Published

2012-09-15

Updated

2016-06-15

CVE-2011-5165

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Free MP3 CD Ripper versions 1.1, 2.6 and earlier

Description The issue is a stack-based buffer overflow that occurs when converting a file, allowing user-assisted remote attackers to execute arbitrary code via a crafted .wav file.

Recommendations For Free MP3 CD Ripper versions 1.1, 2.6 and earlier, avoid using the file conversion feature with untrusted .wav files until a patch is available. As a temporary workaround, consider restricting the use of the file conversion feature to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2011-5165

Affected Products

Free Mp3 Cd Ripper

PT-2012-2142 · Koyote Soft · Free Mp3 Cd Ripper

CVE-2011-5165

Weakness Enumeration

Related Identifiers

Affected Products

References · 17