Alias(es)Magic.ISO.Maker.Cue.File.Stack.Buffer.Overflow |
Release DateJul 03, 2007 |
Severityhigh |
ImpactSystem compromise: Remote code execution. |
DescriptionThis indicates an attempt to exploit a stack-based buffer-overflow vulnerability in multiple products.This vulnerability is caused by a boundary error that occurs when the vulnerable software deals with a malformed .cue file. It allows remote attackers to execute arbitrary code by sending a specially crafted .cue file. |
Affected ProductsMagic ISO MagicISO 5.4(build 239)VUPlayer VUPlayer 2.49 |
Recommended ActionsCurrently we are not aware of any officially supplied fix for this issue. |
Coverage IPS
VCM |
Common Vulnerabilities and Exposures (CVE)CVE-2007-2761 |
Reference/shttp://www.securityfocus.com/bid/33960 (BugTraq)http://www.securityfocus.com/bid/24029 (BugTraq) http://www.milw0rm.com/exploits/3945 http://www.frsirt.com/english/advisories/2007/1865 (FrSIRT) |
