vendor:
Nero Media Player
by:
Securfrog
9.3
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Nero Media Player
Affected Version From: 1.4.0.35b
Affected Version To: 1.4.0.35b
Patch Exists: YES
Related CWE: CVE-2008-0753
CPE: a:nero:nero_media_player
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008
NERO Media Player <= 1.4.0.35b Remote Buffer Overflow( .M3U)
A maliciously crafted .M3U file can be used to cause a buffer overflow in Nero Media Player version 1.4.0.35b and earlier. The overflow occurs when the application attempts to read a URL from the file, which is longer than expected. This can be exploited to execute arbitrary code by tricking a user into opening a specially crafted .M3U file.
Mitigation:
Upgrade to the latest version of Nero Media Player