Executive Summary
Informations | |||
---|---|---|---|
Name | CVE-2010-2009 | First vendor Publication | 2010-05-21 |
Vendor | Cve | Last vendor Modification | 2010-05-24 |
Security-Database Scoring CVSS v3
Cvss vector : N/A | |||
---|---|---|---|
Overall CVSS Score | NA | ||
Base Score | NA | Environmental Score | NA |
impact SubScore | NA | Temporal Score | NA |
Exploitabality Sub Score | NA | ||
Calculate full CVSS 3.0 Vectors scores |
Security-Database Scoring CVSS v2
Cvss vector : (AV:N/AC:M/Au:N/C:C/I:C/A:C) | |||
---|---|---|---|
Cvss Base Score | 9.3 | Attack Range | Network |
Cvss Impact Score | 10 | Attack Complexity | Medium |
Cvss Expoit Score | 8.6 | Authentication | None Required |
Calculate full CVSS 2.0 Vectors scores |
Detail
Stack-based buffer overflow in the media library in BS.Global BS.Player 2.51 build 1022, 2.41 build 1003, and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long ID3 tag in a .MP3 file. NOTE: some of these details are obtained from third party information. |
Original Source
Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-2009 |
CWE : Common Weakness Enumeration
% | Id | Name |
---|---|---|
100 % | CWE-119 | Failure to Constrain Operations within the Bounds of a Memory Buffer |
CPE : Common Platform Enumeration
Type | Description | Count |
---|---|---|
Application | 2 |
OpenVAS Exploits
Date | Description |
---|---|
2010-05-25 | Name : BS.Player '.bsl' File Buffer Overflow Vulnerabilities File : nvt/secpod_bsplayer_mult_bof_vuln.nasl |
Open Source Vulnerability Database (OSVDB)
Id | Description |
---|---|
64864 | BS.Player Media Library MP3 File Handling Overflow BS.Player and its feature Media Library is prone to a buffer overflow vulnerability because it fails to adequatly sanitize boundry check when processing mp3 file and its metadata. When you load the evil .mp3 file in the Media Library > Audio launched from bsplayer the application crashes instantly giving us info that ECX and EIP got overwritten enabling the attacker to gain full access to the application's memory and execute arbitrary code. |
Sources (Detail)
Alert History
Date | Informations |
---|---|
2021-05-04 12:11:40 |
|
2021-04-22 01:12:14 |
|
2020-05-23 00:25:52 |
|
2016-04-26 19:50:43 |
|
2013-05-10 23:25:55 |
|