Info

Disclosure

Sep 27, 2004

Discovery

Sep 27, 2004

Dates

Exploit

Sep 27, 2004

Solution

Unknown

Description

A remote overflow exists in dBpowerAMP Music Converter and Audio Player. The application fails to perform proper bounds checking resulting in a buffer overflow. With a specially crafted playlist file (*.pls or *.m3u), a remote attacker can cause arbitrary code execution or cause the applications to crash resulting in a loss of integrity and/or availability.

Classification

Location: Remote/Network Access Required
Attack Type: Denial of Service, Input Manipulation
Impact: Loss of Integrity, Loss of Availability
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

Illustrate	dbPowerAmp Music Converter	10.0
Illustrate	dbPowerAmp Audio Player	2.0

References

Security Tracker: 1011436 1011437
Related OSVDB ID: 11126 11127
Bugtraq ID: 11266
Secunia Advisory ID: 12684
ISS X-Force ID: 17535 17539
CVE ID: 2004-1569 (see also: NVD)
Vendor URL: http://www.dbpoweramp.com/
Other Advisory URL: http://www.gulftech.org/?node=research&article_id=00052-09272004

Credit

James Bercegay - securitygulftech.org - GulfTech Research and Development

Direct URL: http://osvdb.org/36218

Info

Disclosure

Discovery

Dates

Exploit

Solution

Description

Classification

Solution

Products

Illustrate

dbPowerAmp Music Converter

dbPowerAmp Audio Player

References

Credit