Summary
This host has PPLive installed and is prone to multiple argument injection vulnerabilities.
Impact
By persuading a victim to click on a specially-crafted URI, attackers can execute arbitrary script code by loading malicious files(dll) through the UNC share pathname in the LoadModule argument.
Impact Level: Application
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one For updates refer to http://www.pplive.com/en/index.html
Insight
Improper validation of user supplied input to the synacast://, Play://, pplsv://, and ppvod:// URI handlers via a UNC share pathname in the LoadModule argument leads to this injection attacks.
Affected
PPLive version 1.9.21 and prior on Windows.
References
Updated on 2017-03-28
Severity
Classification
-
CVE CVE-2009-1087 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities
- Adobe AIR Multiple Vulnerabilities-01 Jan15 (Mac OS X)
- Adobe Acrobat and Reader 'printSeps()' Function Heap Corruption Vulnerability
- Adobe Flash Player 'SWF' File Multiple Code Execution Vulnerability - Windows
- Adobe Air Multiple Vulnerabilities - November12 (Mac OS X)
- Adobe AIR Multiple Vulnerabilities -02 April 13 (Mac OS X)