JVN#66291445
SonicStage CP buffer overflow vulnerability
Overview
SonicStage CP is vulnerable to buffer overflow.
Products Affected
- SonicStage Ver.4.0
- SonicStage Ver.4.1
- SonicStage Ver.4.2
- SonicStage Ver.4.3
Description
Sony SonicStage CP is software for music management. SonicStage CP contains a vulnerability that can be exploited to cause a buffer overflow when importing a specially crafted playlist file with the .m3u extension.
Impact
Importing a specially crafted playlist file with the .m3u extension can cause a buffer overflow, allowing a remote attacker to crash SonicStage CP and at the same time execute arbitrary code on the affected system.
Solution
Update the Software
Apply the latest update provided by the vendor.
For more information, refer to the vendor's website.
References
JPCERT/CC Addendum
Vulnerability Analysis by JPCERT/CC
Analyzed on 2007.12.04
| Measures | Conditions | Severity |
|---|---|---|
| Access Required | Routed - can be attacked over the Internet using packets |
|
| Authentication | None - anonymous or no authentication (IP addresses do not count) |
|
| User Interaction Required | Complex - the user must be convinced to take a difficult or suspicious action. If the honest user must have elevated privileges, they are likely to be more suspicious |
|
| Exploit Complexity | Low - little to no expertise and/or luck required to exploit (cross-site scripting) |
|
Credit
Other Information
| JPCERT Alert | |
| JPCERT Reports | |
| CERT Advisory | |
| CPNI Advisory | |
| TRnotes | |
| CVE |
CVE-2007-5709 |
| JVN iPedia |
JVNDB-2007-000809 |