BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

ALLPlayer Buffer Overflow Vulnerability

Disclosed: September 10, 2013
Zeroday: 358 days

Vulnerability Description:

ALLPlayer 5.6.2 and possibly earlier versions contain a stack-based buffer overflow, caused by a boundary error when parsing M3U playlists. If successfully exploited, this vulnerability could grant a remote attacker arbitrary code execution.

Vendors:

ALLPlayer

Vulnerable Software/Devices:

ALLPlayer 5.6.2 and possibly earlier versions

Vulnerability Severity:

High

Exploit Availability:

No Exploit Available

Exploit Impact:

Remote Code Execution
A remote attacker may convince a target user to open a maliciously crafted M3U playlist. Opening the playlist triggers the vulnerability and gives the remote attacker arbitrary code execution on the target system, within the context of the currently logged-on user.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability:

  • 31470 - ALLPlayer Buffer Overflow Vulnerability (20131114) (Zero-Day)
  • 31471 - ALLPlayer Buffer Overflow Vulnerability (20131114) (Zero-Day) - x64

Mitigation:

Do not open untrusted M3U files. 

CVE(s):

None