Monday, February 11, 2008

jetAudio ASX Parsing Buffer Overflow Vulnerability

jetAudio 7.x
clipped from secunia.com
Description:
Laurent Gaffie has discovered a vulnerability in jetAudio, which can be exploited by malicious people to compromise a user's system.



The vulnerability is caused due to a boundary error within the processing of ASX files. This can be exploited to cause a stack-based buffer overflow via an overly long URL contained inside an ASX file.



The vulnerability is confirmed in version 7.0.5. Other versions may also be affected.

Solution:
Do not open untrusted ASX files.
 blog it

No comments: