MixSense 1.0.0.1 DJ Studio is vulnerable to a crash vulnerability when a malicious .mp3 file is opened. The malicious file contains a string of 5000 'A's which causes the application to crash when opened.
Easy RM to MP3 Converter 2.7.3.700 is vulnerable to a stack-based buffer overflow when processing specially crafted .m3u files. This can be exploited to execute arbitrary code by tricking a user into opening a malicious .m3u file. The vulnerability is caused due to a boundary error within the processing of .m3u files. This can be exploited to cause a stack-based buffer overflow by sending an overly long string to the affected application. Successful exploitation may allow execution of arbitrary code.
The vulnerability exists in the index.php file of dB Masters Multimedia's Content Manager version 4.5. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'id' in the index.php file. An example of a malicious SQL query is '-57+union+select+1,version()--'. This will allow the attacker to execute arbitrary SQL commands on the vulnerable system.
This exploit has the ability to render any Intrusion Detection System utilizing the sguil monitoring useless. At the lowest level, you can kill the master logging daemon that collates the data into a MySQL database. I've also been able to inject random and useless data into the MySQL database, which opens the door for an obfuscation of an attack, or a flat-out denial of service attack. There also exists the possibility of dropping the database altogether, though I was not able to make this happen during my preliminary testing of the attack.
PhpLive is vulnerable to Blind SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can be done by sending a malicious SQL query to the vulnerable application through the ‘l’ and ‘x’ parameters in the ‘message_box.php’ and ‘request.php’ scripts. An attacker can use this vulnerability to gain access to sensitive information such as usernames, passwords, emails, userIDs, and names stored in the ‘chat_admin’ table. The vulnerable versions are v3.2.1 and v3.2.2.
A local heap overflow vulnerability exists in MultiMedia Jukebox 4.0 Build 020124. By creating a specially crafted .m3u file with an overly long string, an attacker can cause a buffer overflow, resulting in a denial of service condition or the potential execution of arbitrary code.
Hamster Audio Player 0.3a is vulnerable to a buffer overflow vulnerability when a specially crafted .m3u file is opened. This can be exploited to execute arbitrary code by overwriting the SEH handler with a custom crafted payload.
Audio Editor Pro is a visual multifunctional audio files editor for Microsoft Windows. It is vulnerable to a remote memory corruption vulnerability when a specially crafted MP3 file is opened. This can be exploited to execute arbitrary code by tricking a user into opening a malicious MP3 file.
Zortam MP3 Studio version 9.40 suffers from a memory corruption attack from two different malicious files. The first method is thru a .mp3 file which has its ID3 tags filled with long strings. The second method is a .m3u list which is loaded in to the player resulting in memory corruption of the whole application including Dr.Watson crashing along with the app.
A specially crafted m3u file with 800000 A characters can cause an integer division by zero vulnerability in Zortam MP3 Player 1.50, leading to a denial of service.
Services By CQR