Vulnerabilities > CVE-2003-0075 - Unspecified vulnerability in Bladeenc

CVSS 7.5 - HIGH

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

PARTIAL

network

low complexity

bladeenc

NVD

Published: 2003-02-19

Updated: 2016-10-18

Summary

Integer signedness error in the myFseek function of samplein.c for Blade encoder (BladeEnc) 0.94.2 and earlier allows remote attackers to execute arbitrary code via a negative offset value following a "fmt" wave chunk.

Vulnerable Configurations

Part	Description	Count
Application	Bladeenc Bladeenc Bladeenc 0.92.7 Bladeenc Bladeenc 0.93.10 Bladeenc Bladeenc 0.94.0 Bladeenc Bladeenc 0.94.1 Bladeenc Bladeenc 0.94.2	5

References

http://marc.info/?l=bugtraq&m=104428700106672&w=2
http://marc.info/?l=bugtraq&m=104446346127432&w=2
http://www.iss.net/security_center/static/11227.php
http://www.pivx.com/luigi/adv/blade942-adv.txt
http://www.securityfocus.com/bid/6745