ALLPlayer 5.6.2 and possibly earlier versions contain a stack-based buffer overflow, caused by a boundary error when parsing M3U playlists. If successfuly exploited, this vulnerability could grant a remote attacker arbitrary code execution.
ALLPlayer 5.6.2 and possibly earlier versions
No Exploit Available
Remote Code Execution
A remote attacker may convince a target user to open a maliciously crafted M3U playlist. Once opened, the vulnerability will be exploited to give a remote attacker arbitrary code execution, within the context of the currently logged on user, on the target system.
BeyondTrust Prevention and Detection:
BeyondTrust's Retina® Network Security Scanner scans devices to detect for this vulnerability.
- 31470 - ALLPlayer Buffer Overflow Vulnerability (20131114) (Zero-Day)
- 31471 - ALLPlayer Buffer Overflow Vulnerability (20131114) (Zero-Day) - x64
Do not open untrusted M3U files.