CVE-2005-4648

Properties

Published:
30.12.2005
Updated:
28.08.2006
Patch available:
Severity:
Medium
CVSS vector:
(AV:R/AC:H/Au:NR/C:P/I:P/A:P/B:N)
Product:
Illustrate: dBpowerAMP Music Converter

Vulnerability description

Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earlier, possibly including (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe, allows user-assisted attackers to cause a denial of service or execute arbitrary code via a .m3u playlist with a long entry, possibly involving large field names, as demonstrated by SecuBox.Labs.m3u.  NOTE: this issue might be the same as the .m3u vulnerability in CVE-2004-1569, but if so, then CD:SF-LOC suggests creating a different identifier since the .m3u issue would affect different versions than the .pls issue.

References:

http://secubox.shadock.net/dBpowerAMP_Music_Converter_v11.5_Local_Buffer_Overflow_Issue.html: http://secubox.shadock.net/dBpowerAMP_Music_Converter_v11.5_Local_Buffer_Overflow_Issue.html
SECTRACK: http://securitytracker.com/id?1015415