CVE-2009-0476 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, as originally reported for Euphonics Audio Player 1.0. NOTE: some of these details are obtained from third party information.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Complete

Integrity Impact Complete

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Multimediasoft	Audio Dj Studio For .net Audio Sound Editer For .net Audio Sound Recorder For .net Audio Sound Studio For .net Audio Sound Suite For .net

Configuration 1 [-]

OR	cpe:2.3:a:multimediasoft:audio_dj_studio_for_.net:-:::::::*
	cpe:2.3:a:multimediasoft:audio_sound_editer_for_.net:-:::::::*
	cpe:2.3:a:multimediasoft:audio_sound_recorder_for_.net:-:::::::*
	cpe:2.3:a:multimediasoft:audio_sound_studio_for_.net:-:::::::*
	cpe:2.3:a:multimediasoft:audio_sound_suite_for_.net:-:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/33791
http://secunia.com/advisories/33817
http://www.securityfocus.com/archive/1/500652/100/0/threaded
http://www.securityfocus.com/bid/33589
http://www.vupen.com/english/advisories/2009/0316
https://www.exploit-db.com/exploits/7958
https://www.exploit-db.com/exploits/7973
https://www.exploit-db.com/exploits/7974

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2009-02-08T21:00:00

Updated: 2024-08-07T04:31:26.337Z

Reserved: 2009-02-08T00:00:00

Link: CVE-2009-0476

Vulnrichment

No data.

NVD

Status : Modified

Published: 2009-02-08T21:30:09.827

Modified: 2024-11-21T00:59:59.493

Link: CVE-2009-0476

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2009-02-03T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, as originally reported for Euphonics Audio Player 1.0. NOTE: some of these details are obtained from third party information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-11T19:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "7958", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/7958"}, {"name": "20090203 Euphonics Audio Player v1.0 (.pls) Local BOF POC", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/500652/100/0/threaded"}, {"name": "33817", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33817"}, {"name": "33791", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/33791"}, {"name": "33589", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/33589"}, {"name": "7973", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/7973"}, {"name": "7974", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/7974"}, {"name": "ADV-2009-0316", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2009/0316"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2009-0476", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, as originally reported for Euphonics Audio Player 1.0. NOTE: some of these details are obtained from third party information."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "7958", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7958"}, {"name": "20090203 Euphonics Audio Player v1.0 (.pls) Local BOF POC", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/500652/100/0/threaded"}, {"name": "33817", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33817"}, {"name": "33791", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/33791"}, {"name": "33589", "refsource": "BID", "url": "http://www.securityfocus.com/bid/33589"}, {"name": "7973", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7973"}, {"name": "7974", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/7974"}, {"name": "ADV-2009-0316", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2009/0316"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T04:31:26.337Z"}, "title": "CVE Program Container", "references": [{"name": "7958", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/7958"}, {"name": "20090203 Euphonics Audio Player v1.0 (.pls) Local BOF POC", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/500652/100/0/threaded"}, {"name": "33817", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33817"}, {"name": "33791", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/33791"}, {"name": "33589", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/33589"}, {"name": "7973", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/7973"}, {"name": "7974", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/7974"}, {"name": "ADV-2009-0316", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2009/0316"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2009-0476", "datePublished": "2009-02-08T21:00:00", "dateReserved": "2009-02-08T00:00:00", "dateUpdated": "2024-08-07T04:31:26.337Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:multimediasoft:audio_dj_studio_for_.net:-:*:*:*:*:*:*:*", "matchCriteriaId": "DF5636AC-D0E1-4390-93B2-E3ADCC471A36", "vulnerable": true}, {"criteria": "cpe:2.3:a:multimediasoft:audio_sound_editer_for_.net:-:*:*:*:*:*:*:*", "matchCriteriaId": "1D4D4B16-2810-48EA-B8EB-A1359AD1BD15", "vulnerable": true}, {"criteria": "cpe:2.3:a:multimediasoft:audio_sound_recorder_for_.net:-:*:*:*:*:*:*:*", "matchCriteriaId": "E3BA5495-6851-4CD6-A4E3-EB37B0B7E246", "vulnerable": true}, {"criteria": "cpe:2.3:a:multimediasoft:audio_sound_studio_for_.net:-:*:*:*:*:*:*:*", "matchCriteriaId": "CF14BA0A-66B3-4DA2-8989-D7F988DAD4A6", "vulnerable": true}, {"criteria": "cpe:2.3:a:multimediasoft:audio_sound_suite_for_.net:-:*:*:*:*:*:*:*", "matchCriteriaId": "06B49DAC-FE92-491A-998F-B3A75B4EAC6D", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, as originally reported for Euphonics Audio Player 1.0. NOTE: some of these details are obtained from third party information."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en AdjMmsEng.dll v7.11.1.0 y v7.11.2.7 distribuido para m\u00faltiples componentes de audio de MultiMedia Soft para .NET, permite a atacantes remotos ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de una cadena larga en un archivo de \"lista de reproducci\u00f3n\" (.pls), reportado inicialmente por Euphonics Audio Player v1.0.NOTA: algunos de estos detalles han sido obtenidos a partir de informaci\u00f3n de terceros."}], "id": "CVE-2009-0476", "lastModified": "2024-11-21T00:59:59.493", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": true, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2009-02-08T21:30:09.827", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33791"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33817"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/500652/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/33589"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2009/0316"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/7958"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/7973"}, {"source": "cve@mitre.org", "url": "https://www.exploit-db.com/exploits/7974"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33791"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/33817"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/500652/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/33589"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2009/0316"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/7958"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/7973"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.exploit-db.com/exploits/7974"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}