Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2007-5301

Overview

Vulnerability Score 6.8 6.8
CVE Id CVE-2007-5301
Last Modified 07 Mar 2011 10:00:28
Published 09 Oct 2007 02:17:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity MEDIUM
Authentication NONE

CVE-2007-5301

Summary

Buffer overflow in the vorbis_stream_info function in input/vorbis/vorbis_engine.c (aka the vorbis input plugin) in AlsaPlayer before 0.99.80-rc3 allows remote attackers to execute arbitrary code via a .OGG file with long comments.

Vulnerable Systems

Application

  • Alsaplayer 0.99.80-rc2


References

VUPEN - ADV-2007-3393

CONFIRM - http://sourceforge.net/project/shownotes.php?release_id=544663&group_id=249

CONFIRM - http://sourceforge.net/forum/forum.php?forum_id=742584

SECUNIA - 27117

XF - alsaplayer-vorbis-input-bo(36996)

MISC - http://www.wekk.net/research/CVE-2007-5301/CVE-2007-5301-exploit.sh

BID - 25969

BUGTRAQ - 20080409 [CVE-2007-5301] alsaplayer PoC - exploit

MILW0RM - 5424

DEBIAN - DSA-1538

SECUNIA - 29680


Last Updated: 27 May 2016 10:46:08