vendor:
Serenity Audio Player
by:
mr_me
9.3
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Serenity Audio Player
Affected Version From: <= 3.2.3
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: a:serenity_audio_player:serenity_audio_player
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP sp3
2009
Serenity Audio Player Playlist (.m3u) BOF
Serenity Audio Player is a playlist based audio player for Windows. It features a clean and simple interface with minimal overhead. A buffer overflow vulnerability exists in the application which can be exploited to execute arbitrary code on the target system. An attacker can send a specially crafted .m3u file to the victim which when opened in Serenity Audio Player, can lead to arbitrary code execution.
Mitigation:
Update to the latest version of Serenity Audio Player.