Summary
This host is installed with Serenity/Mplay Audio Player and is prone to code execution vulnerability.
Impact
Successful exploitation could allow local/remote attackers to trick the user to access the crafted m3u playlist file, execute the crafted shellcode into the context of the affected system memory registers to take control of the machine running the affected application.
Impact Level: System
Solution
No solution or patch was made available for at least one year since disclosure of this vulnerability. Likely none will be provided anymore. General solution options are to upgrade to a newer release, disable respective features, remove the product or replace the product by another one.
For updates refer to http://malsmith.kyabram.biz/serenity
Insight
There exists a stack overflow vulnerability within the 'MplayInputFile()' function in 'src/plgui.c' that fails to sanitize user input while the user crafts his/her own malicious playlist 'm3u' file.
Affected
Serenity/Mplay Audio Player 3.2.3.0 and prior on Windows.
References
Severity
Classification
-
CVE CVE-2009-4097 -
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C
Related Vulnerabilities