CVE-2009-1642
ASX to MP3 Converter 3.0.0.100 - Local Stack Overflow (PoC)
Severity Score
9.3
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
8
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Multiple stack-based buffer overflows in Mini-stream ASX to MP3 Converter 3.0.0.7 allow remote attackers to execute arbitrary code via (1) a long rtsp URL in a .ram file and (2) a long string in the HREF attribute of a REF element in a .asx file. NOTE: the latter was also subsequently reported in "prior to 3.1.3.7."
Múltiples desbordamientos de búfer basado en pila en Mini-stream ASX to MP3 Converter 3.0.0.7 permiten que atacantes remotos ejecuten código arbitrario mediante (1) una URL rtsp larga en un archivo .ram y (2) una cadena larga en el atributo HREF de un elemento REF en un archivo .asx. NOTA: sobre este último también se informó en "anteriores a la 3.1.3.7".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2009-05-15 CVE Reserved
- 2009-05-15 CVE Published
- 2010-03-29 First Exploit
- 2023-08-18 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
CAPEC
References (10)
| URL | Tag | Source |
|---|---|---|
| https://exchange.xforce.ibmcloud.com/vulnerabilities/50374 | Vdb Entry | |
| https://packetstormsecurity.com/files/144558/ASX-To-MP3-Converter-Stack-Overflow.html | X_refsource_misc |
|
| URL | Date | SRC |
|---|---|---|
| https://www.exploit-db.com/exploits/11930 | 2010-03-29 | |
| https://www.exploit-db.com/exploits/11958 | 2010-03-30 | |
| https://www.exploit-db.com/exploits/8630 | 2024-08-07 | |
| https://www.exploit-db.com/exploits/8629 | 2024-08-07 | |
| https://www.exploit-db.com/exploits/18781 | 2012-04-25 | |
| https://www.exploit-db.com/exploits/11957 | 2010-03-30 | |
| http://www.securityfocus.com/bid/34860 | 2024-08-07 | |
| http://www.securityfocus.com/bid/34864 | 2024-08-07 |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Mini-stream Search vendor "Mini-stream" | Mini-stream To Mp3 Converter Search vendor "Mini-stream" for product "Mini-stream To Mp3 Converter" | 3.0.0.7 Search vendor "Mini-stream" for product "Mini-stream To Mp3 Converter" and version "3.0.0.7" | - |
Affected
| ||||||