Summary
This host has Mini-Stream products installed and is prone to a stack overflow vulnerability.
Impact
Successful exploitation lets an attacker use crafted 'asx' or 'ram' files to cause a stack overflow and execute arbitrary code in the context of the affected application.
Impact Level: Application
Solution
No solution or patch was made available for at least one year after disclosure of this vulnerability. It is likely that none will be provided.
General solution options are to upgrade to a newer release, disable the respective features, remove the product, or replace the product with another one.
Insight
The flaw is due to inadequate boundary checks on user-supplied input in Mini-Stream products, which cause a stack overflow while processing .ram and .asx files with overly long URIs.
Affected
Ripper version 3.0.1.1 (3.0.1.5) and prior
RM-MP3 Converter version 3.0.0.7 and prior
ASXtoMP3 Converter version 3.0.0.7 and prior
Severity
Classification
- CVE: CVE-2009-1641, CVE-2009-1642, CVE-2009-1645
- CVSS Base Score: 9.3
- CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- ActiveFax RAW Server Multiple Buffer Overflow Vulnerabilities
- Adobe Reader Integer Overflow Vulnerability - Jan 12 (Linux)
- Anzio Web Print Object ActiveX Control Remote BOF Vulnerability
- CTorrent/Enhanced CTorrent Buffer Overflow Vulnerability
- Adobe Reader 'File Extension' Buffer Overflow Vulnerability (Mac OS X)