Vulnerability Description
Multiple stack-based buffer overflows in Mp3 Tag Assistant Professional 2.92 build 300 allow remote attackers to execute arbitrary code via an MP3 file with a long string in the (1) ID3v1, (2) ID3v2, or (3) APEv2 metadata field.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Assistanttools | Mp3 Tag Assistance Professional | 2.92 |
Related Weaknesses (CWE)
References
- http://liquidworm.blogspot.com/2009/05/mp3-tag-assistant-pro-292-tag-metadata.ht (Exploit)
- http://osvdb.org/54810
- http://secunia.com/advisories/35305 (Vendor Advisory)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/50870
FAQ
What is CVE-2009-4201?
CVE-2009-4201 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple stack-based buffer overflows in Mp3 Tag Assistant Professional 2.92 build 300 allow remote attackers to execute arbitrary code via an MP3 file with a long string in the (1) ID3v1, (2) ID3v2, ...
How severe is CVE-2009-4201?
CVE-2009-4201 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2009-4201?
Check the references section above for vendor advisories and patch information. Affected products include: Assistanttools Mp3 Tag Assistance Professional.