Sony PC Companion 2.1 (DownloadURLToFile()) Stack-based Unicode Buffer Overload SEH

vendor:

PC Companion

by:

Unknown

7,8

CVSS

HIGH

Stack-based Buffer Overflow

119

CWE

Product Name: PC Companion

Affected Version From: 2.10.115 (Production 27.1, Build 830)

Affected Version To: 2.10.108 (Production 26.1, Build 818)

Patch Exists: Yes

Related CWE: Unknown

CPE: a:sony_mobile_communications_ab:pc_companion

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Unknown

Unknown

Sony PC Companion 2.1 (DownloadURLToFile()) Stack-based Unicode Buffer Overload SEH

The vulnerability is caused due to a boundary error in WebServices.dll when handling the value assigned to the 'bstrFile' item in the DownloadURLToFile function and can be exploited to cause a stack-based buffer overflow via an overly long string which may lead to execution of arbitrary code on the affected machine.

Mitigation:

The vendor has released a patch to address this vulnerability.

Source

Sony PC Companion 2.1 (DownloadURLToFile()) Stack-based Unicode Buffer Overload SEH

Mitigation:

Exploit-DB raw data: