Info

Disclosure

Sep 01, 2009

Discovery

Unknown

Dates

Exploit

Sep 01, 2009

Solution

Unknown

Description

A remote/local stack-based buffer overflow exists in AIMP2 Audio Converter. With a specially crafted PLS or M3U file, an attacker may be able to execute arbitrary code.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public
Disclosure: Uncoordinated Disclosure

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

AIMP DevTeam

AIMP Audio Converter

2.53

References

Exploit Database: 10280 9561 9974
CVE ID: 2009-3170 (see also: NVD)
Secunia Advisory ID: 35295
ISS X-Force ID: 50875
Milw0rm: 9561
Other Advisory URL: http://www.vupen.com/english/advisories/2009/2530

Credit

mr_me -

Direct URL: http://osvdb.org/58125