Vulnerability Description
Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earlier, possibly including (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe, allows user-assisted attackers to cause a denial of service or execute arbitrary code via a .m3u playlist with a long entry, possibly involving large field names, as demonstrated by SecuBox.Labs.m3u. NOTE: this issue might be the same as the .m3u vulnerability in CVE-2004-1569, but if so, then CD:SF-LOC suggests creating a different identifier since the .m3u issue would affect different versions than the .pls issue.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Illustrate | Dbpoweramp Music Converter | <= 11.5 |
References
- http://secubox.shadock.net/dBpowerAMP_Music_Converter_v11.5_Local_Buffer_OverfloExploitVendor Advisory
- http://securitytracker.com/id?1015415ExploitVendor Advisory
- http://secubox.shadock.net/dBpowerAMP_Music_Converter_v11.5_Local_Buffer_OverfloExploitVendor Advisory
- http://securitytracker.com/id?1015415ExploitVendor Advisory
FAQ
What is CVE-2005-4648?
CVE-2005-4648 is a vulnerability with a CVSS score of 5.1 (MEDIUM). Buffer overflow in Illustrate dBpowerAMP Music Converter 11.5 and earlier, possibly including (1) MusicConverter.exe, (2) playlist.exe, and (3) amp.exe, allows user-assisted attackers to cause a denia...
How severe is CVE-2005-4648?
CVE-2005-4648 has been rated MEDIUM with a CVSS base score of 5.1/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2005-4648?
Check the references section above for vendor advisories and patch information. Affected products include: Illustrate Dbpoweramp Music Converter.