vendor:
FireFly Mediaserver
by:
High-Tech Bridge Security Research Lab
5,5
CVSS
MEDIUM
NULL Pointer Dereference
476
CWE
Product Name: FireFly Mediaserver
Affected Version From: 1.0.0.1359
Affected Version To: 1.0.0.1359
Patch Exists: YES
Related CWE: CVE-2012-5875
CPE: a:firefly:firefly_mediaserver
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 SP1
2012
Multiple NULL pointer dereference vulnerabilities in Firefly MediaServer
The vulnerability exists due to improper handling of the HTTP CONNECTION header within the 'firefly.exe' binary file. A remote attacker can send a specially crafted packet to 9999/TCP port (FireFly's server default port) with improper CONNECTION header value, leading to a NULL pointer dereference that will cause vulnerable server to crash immediately.
Mitigation:
Update to the latest version of FireFly MediaServer
