CVE-2007-0949

Published: 15/02/2007 Updated: 11/10/2017

CVSS v2 Base Score: 10 | Impact Score: 10 | Exploitability Score: 10

VMScore: 1000

Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote malicious users to execute arbitrary code via a M3U playlist file that contains a long file name. NOTE: it was later reported that 1.20 and 1.30 are also affected.

Vulnerable Product	Search on Vulmon	Subscribe to Product
itinysoft studio total video player

/*0day Total Video Player V120 M3u File Local Stack Buffer Overflow This exploit spawns Calcexe or binds a port and spawns a shell and tested on Windows Xp sp 2 I got the ideea to look in a prior version of TVP and surprinse vuln to ,just as V130 When parsing a crafted m3u file stack gets corrupted,due a long string,and causes a stack overf ...

/*0day Total Video Player V103 m3u file Local Buffer Overflow In this exploit you chose to bind a port or to spawn calcexe After I crafted a playlist I observed that the stack got corrupted The corruption accured in some points,and overwriten a seh handler I managed to get control of the ECX register after a ~800 byte buffer overflowedThe E ...

NVD-CWE-Other http://www.securityfocus.com/bid/22553 http://secunia.com/advisories/23999 http://osvdb.org/33187 https://exchange.xforce.ibmcloud.com/vulnerabilities/32479 https://www.exploit-db.com/exploits/5077 https://www.exploit-db.com/exploits/5032 https://nvd.nist.gov https://www.exploit-db.com/exploits/5077/

Get Started

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Twitter Reddit Linkedin Facebook

CVE-2007-0949

Vulnerability Summary

Exploits

References

Vulmon Search

About

Products

Connect