Vulnerabilities > CVE-2005-1168 - Unspecified vulnerability in Musicmatch Jukebox 9.0.5059

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
PARTIAL
Availability impact
NONE
network
low complexity
musicmatch
nessus

Summary

DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows remote attackers to overwrite arbitrary files via the bstrSavePath argument.

Vulnerable Configurations

Part Description Count
Application
Musicmatch
2

Nessus

NASL familyWindows
NASL idMUSICMATCH_MULTIPLE_VULNERABILITIES.NASL
descriptionThe remote host is running MusicMatch, a music player. The remote version of this software is affected by a buffer overflow vulnerability as well as a cross-site scripting vulnerability. An attacker may exploit these flaws to execute arbitrary code on the remote host.
last seen2020-06-01
modified2020-06-02
plugin id18049
published2005-04-14
reporterThis script is Copyright (C) 2005-2018 Tenable Network Security, Inc.
sourcehttps://www.tenable.com/plugins/nessus/18049
titleMusicMatch < 9.0.5066 / 10.0.2048 Multiple Vulnerabilities
code
#
# (C) Tenable Network Security, Inc.
#


include("compat.inc");

if (description)
{
 script_id(18049);
 script_version("1.20");
 script_cvs_date("Date: 2018/11/15 20:50:27");

 script_cve_id("CVE-2005-1168", "CVE-2005-1185");
 script_bugtraq_id(13167, 13173, 13174);
 script_xref(name:"Secunia", value:"15087");

 script_name(english:"MusicMatch < 9.0.5066 / 10.0.2048 Multiple Vulnerabilities");
 script_summary(english:"Checks for the version of MusicMatch");

 script_set_attribute(attribute:"synopsis", value:
"The remote host is running a media player that is affected by multiple
vulnerabilities.");
 script_set_attribute(attribute:"description", value:
"The remote host is running MusicMatch, a music player.

The remote version of this software is affected by a buffer overflow
vulnerability as well as a cross-site scripting vulnerability.

An attacker may exploit these flaws to execute arbitrary code on the
remote host.");
 script_set_attribute(attribute:"see_also", value:"http://www.musicmatch.com/info/user_guide/faq/security_updates.htm");
 script_set_attribute(attribute:"see_also", value:"https://seclists.org/bugtraq/2005/Apr/212" );
 script_set_attribute(attribute:"solution", value:"Upgrade to MusicMatch 9.0.5066 or 10.0.2048.");
 script_set_cvss_base_vector("CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P");
 script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
 script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
 script_set_attribute(attribute:"exploit_available", value:"false");
 script_cwe_id(20, 74, 79, 442, 629, 711, 712, 722, 725, 750, 751, 800, 801, 809, 811, 864, 900, 928, 931, 990);

 script_set_attribute(attribute:"vuln_publication_date", value:"2005/04/14");
 script_set_attribute(attribute:"plugin_publication_date", value:"2005/04/14");

 script_set_attribute(attribute:"plugin_type", value:"local");
 script_end_attributes();

 script_category(ACT_GATHER_INFO);
 script_copyright(english:"This script is Copyright (C) 2005-2018 Tenable Network Security, Inc.");
 script_family(english:"Windows");
 script_dependencies("smb_hotfixes.nasl");
 script_require_keys("SMB/Registry/Enumerated");
 script_require_ports(139, 445);
 exit(0);
}

# start script

include("audit.inc");
include("smb_func.inc");
include("smb_hotfixes.inc");

if ( ! get_kb_item("SMB/Registry/Enumerated") ) exit(1);
port = kb_smb_transport();
login = kb_smb_login();
pass  = kb_smb_password();
domain = kb_smb_domain();

if(! smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');

r = NetUseAdd(login:login, password:pass, domain:domain, share:"IPC$");
if ( r != 1 )
{
  NetUseDel();
  audit(AUDIT_SHARE_FAIL,"IPC$");
}

hklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);
if ( isnull(hklm) )
{
  NetUseDel();
  audit(AUDIT_REG_FAIL);
}

key = "SOFTWARE\MusicMatch\MusicMatch JukeBox";
key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);
if ( isnull(key_h) )
{
 RegCloseKey(handle:hklm);
 NetUseDel();
 exit(0);
}

info = RegQueryInfoKey(handle:key_h);
for ( i = 0 ; i < info[1] ; i ++ )
{
 entries[i] = RegEnumKey(handle:key_h, index:i);
}

RegCloseKey(handle:key_h);
RegCloseKey(handle:hklm);
NetUseDel();

max_version[0] = max_version[1] = max_version[2] = 0;

foreach entry (entries)
{
 if ( ereg(pattern:"[0-9]*\.[0-9]*\.[0-9]*", string:entry) )
 {
  version = split(entry, sep:'.', keep:0);
  if ( int(version[0]) > int(max_version[0]) ||
       (int(version[0]) == int(max_version[0]) && int(version[1]) > int(max_version[1])) ||
       (int(version[0]) == int(max_version[0]) && int(version[1]) == int(max_version[1]) && int(version[2]) > int(max_version[2]))
     )
	{
	 max_version[0] = version[0];
	 max_version[1] = version[1];
	 max_version[2] = version[2];
	}
 }
}

if ( max_version[0] < 9 )
{
 security_warning(0); # Versions older than 9.x were not patched
 set_kb_item(name: 'www/0/XSS', value: TRUE);
}
else if ( max_version[0] == 9 && max_version[2] < 5066 )
{
 security_warning(port); # < 9.0.5066
 set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
}
else if ( max_version[0] == 10 && max_version[2] < 2048)
{
 security_warning(port); # < 10.0.2048
 set_kb_item(name: 'www/'+port+'/XSS', value: TRUE);
}

set_kb_item(name:"SMB/MusicMatch/Version", value:max_version[0] + "." + max_version[1] + "." + max_version[2]);