Critical

CVE-2009-0182 - Buffer Errors vulnerability in Vuplayer

Publication: 2009-01-20
Summary

Buffer overflow in VUPlayer 2.49 and earlier allows user-assisted attackers to execute arbitrary code via a long URL in a File line in a .pls file, as demonstrated by an http URL on a File1 line.

Classification
CWE-119: Buffer Errors

Risk level (CVSS 9.3)

Critical

9.3

Access Vector

  • Network
  • Adjacent Network
  • Local

Access Complexity

  • Low
  • Medium
  • High

Authentication

  • None
  • Single
  • Multiple

Confident. Impact

  • Complete
  • Partial
  • None

Integrity Impact

  • Complete
  • Partial
  • None

Affected Products

  • Vuplayer Vuplayer 0.1
  • Vuplayer Vuplayer 0.2
  • Vuplayer Vuplayer 0.3
  • Vuplayer Vuplayer 0.4
  • Vuplayer Vuplayer 0.5
  • Vuplayer Vuplayer 0.6
  • Vuplayer Vuplayer 0.7
  • Vuplayer Vuplayer 0.8
  • Vuplayer Vuplayer 0.9
  • Vuplayer Vuplayer 1.0
  • Vuplayer Vuplayer 1.1
  • Vuplayer Vuplayer 1.2
  • Vuplayer Vuplayer 1.3
  • Vuplayer Vuplayer 1.4
  • Vuplayer Vuplayer 1.5
  • Vuplayer Vuplayer 1.6
  • Vuplayer Vuplayer 1.7
  • Vuplayer Vuplayer 1.8
  • Vuplayer Vuplayer 1.9
  • Vuplayer Vuplayer 2.0
  • Vuplayer Vuplayer 2.1
  • Vuplayer Vuplayer 2.2
  • Vuplayer Vuplayer 2.3
  • Vuplayer Vuplayer 2.4
  • Vuplayer Vuplayer 2.11
  • Vuplayer Vuplayer 2.21
  • Vuplayer Vuplayer 2.22
  • Vuplayer Vuplayer 2.23
  • Vuplayer Vuplayer 2.41
  • Vuplayer Vuplayer 2.42
  • Vuplayer Vuplayer 2.43
  • Vuplayer Vuplayer 2.44
  • Vuplayer Vuplayer 2.45
  • Vuplayer Vuplayer 2.46
  • Vuplayer Vuplayer 2.47
  • Vuplayer Vuplayer 2.48
  • Vuplayer Vuplayer 2.49