Vulnerability Description
Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony XAV-AX5500 devices. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of WMV/ASF files. A crafted Extended Content Description Object in a WMV media file can trigger an overflow of a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the device. Was ZDI-CAN-22994.
CVSS Score
HIGH
Related Weaknesses (CWE)
References
- https://www.sony.com/electronics/support/mobile-cd-players-digital-media-players
- https://www.zerodayinitiative.com/advisories/ZDI-24-875/
FAQ
What is CVE-2024-23934?
CVE-2024-23934 is a vulnerability with a CVSS score of 8.8 (HIGH). Sony XAV-AX5500 WMV/ASF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sony ...
How severe is CVE-2024-23934?
CVE-2024-23934 has been rated HIGH with a CVSS base score of 8.8/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-23934?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.