Vulnerability Description
Xion Audio Player versions prior to 1.0.126 are vulnerable to a Unicode-based stack buffer overflow triggered by opening a specially crafted .m3u playlist file. The file contains an overly long string that overwrites the Structured Exception Handler (SEH) chain, allowing an attacker to hijack execution flow and run arbitrary code.
Related Weaknesses (CWE)
References
- https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exp
- https://www.exploit-db.com/exploits/14517
- https://www.exploit-db.com/exploits/14633
- https://www.exploit-db.com/exploits/15598
- https://www.exploit-db.com/exploits/16653
- https://www.r2.com.au/page/products/download/xion-audio-player/
- https://www.vulncheck.com/advisories/xion-audio-player-unicode-stack-buffer-over
FAQ
What is CVE-2010-20042?
CVE-2010-20042 is a documented vulnerability. Xion Audio Player versions prior to 1.0.126 are vulnerable to a Unicode-based stack buffer overflow triggered by opening a specially crafted .m3u playlist file. The file contains an overly long string...
How severe is CVE-2010-20042?
CVSS scoring is not yet available for CVE-2010-20042. Check NVD for updates.
Is there a patch for CVE-2010-20042?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.