Vulnerability Description
Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via an M3U playlist file that contains a long file name. NOTE: it was later reported that 1.20 and 1.30 are also affected.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Itinysoft Studio | Total Video Player | <= 1.03 |
References
- http://osvdb.org/33187
- http://secunia.com/advisories/23999 (Vendor Advisory)
- http://www.securityfocus.com/bid/22553
- https://exchange.xforce.ibmcloud.com/vulnerabilities/32479
- https://www.exploit-db.com/exploits/5032
- https://www.exploit-db.com/exploits/5077
FAQ
What is CVE-2007-0949?
CVE-2007-0949 is a vulnerability with a CVSS score of 10.0 (HIGH). Stack-based buffer overflow in iTinySoft Studio Total Video Player 1.03, and possibly earlier, allows remote attackers to execute arbitrary code via an M3U playlist file that contains a long file name....
How severe is CVE-2007-0949?
CVE-2007-0949 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2007-0949?
Check the references section above for vendor advisories and patch information. Affected products include: Itinysoft Studio Total Video Player.