CVE-2009-2934

Multiple stack-based buffer overflows in xaudio.dll in Programmed Integration PIPL 2.5.0 and 2.5.0D allow remote attackers to execute arbitrary code via a long string in a (1) .pls or (2) .pl playlist file.

CVSS v2.0 9.3 HIGH

9.3^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References

Link	Resource
http://osvdb.org/56996
http://secunia.com/advisories/36297	Vendor Advisory
http://www.exploit-db.com/exploits/9428
https://exchange.xforce.ibmcloud.com/vulnerabilities/52440

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:programmedintegration:pipl:2.5.0:::::::*
	cpe:2.3:a:programmedintegration:pipl:2.5.0d:::::::*

History

No history.

Information

Published : 2009-08-21 20:30

Updated : 2024-02-04 17:33

NVD link : CVE-2009-2934

Mitre link : CVE-2009-2934

CVE.ORG link : CVE-2009-2934

JSON object : View

Products Affected

programmedintegration

pipl

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

9.3 /10