PT-2012-2148 · Cyberlink · Cyberlink Power2Go

Tom Gregory

Published

2012-09-15

Updated

2017-08-29

CVE-2011-5171

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions CyberLink Power2Go versions 7 (build 196) through 8 (build 1031)

Description The issue is related to multiple stack-based buffer overflows that allow remote attackers to execute arbitrary code. This is achieved via the src and name parameters in a p2g project file.

Recommendations For CyberLink Power2Go version 7 (build 196), update to a version that contains a fix for this issue. For CyberLink Power2Go version 8 (build 1031), update to a version that contains a fix for this issue. As a temporary workaround, consider restricting access to p2g project files to minimize the risk of exploitation.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

CVE-2011-5171

Affected Products

Cyberlink Power2Go

PT-2012-2148 · Cyberlink · Cyberlink Power2Go

CVE-2011-5171

Weakness Enumeration

Related Identifiers

Affected Products

References · 9