Published: 2007/12/04  Last Updated: 2008/05/21

SonicStage CP buffer overflow vulnerability


SonicStage CP is vulnerable to a buffer overflow.

Products Affected

  • SonicStage Ver.4.0
  • SonicStage Ver.4.1
  • SonicStage Ver.4.2
  • SonicStage Ver.4.3
For details, see the information provided by the vendor.


Sony SonicStage CP is software for music management. SonicStage CP contains a vulnerability that can be exploited to cause a buffer overflow when importing a specially crafted playlist file with the .m3u extension.


Importing a specially crafted playlist file with the .m3u extension can cause a buffer overflow, allowing a remote attacker to crash SonicStage CP and at the same time execute arbitrary code on the affected system.
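The advisory does not say which part of the .m3u import code overflows. As an added illustration of this bug class (not Sony's code and not part of the advisory), the C example below reads playlist entries into a fixed-size buffer and checks each length before copying; the names m3u_scan and M3U_MAX_ENTRY and the 260-byte cap are assumptions made for the example.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define M3U_MAX_ENTRY 260            /* assumed cap for this example */
enum { M3U_OK = 0, M3U_TOO_LONG = -1 };  /* hypothetical result codes */

/*
 * Walk an in-memory playlist. Blank lines and '#' directives (#EXTM3U,
 * #EXTINF) are skipped without being copied. Each media entry is copied
 * into a fixed-size buffer only after its length has been checked; the
 * first oversized entry rejects the whole file instead of being
 * truncated or overflowing. On M3U_OK, *count is the entries accepted.
 */
int m3u_scan(const char *data, size_t len, size_t *count)
{
    char entry[M3U_MAX_ENTRY];
    size_t pos = 0;

    *count = 0;
    while (pos < len) {
        const char *line = data + pos;
        const char *nl = memchr(line, '\n', len - pos);
        size_t n = nl ? (size_t)(nl - line) : len - pos;

        pos += n + (nl ? 1 : 0);
        if (n > 0 && line[n - 1] == '\r') n--;       /* tolerate CRLF */
        if (n == 0 || line[0] == '#') continue;
        if (n >= sizeof entry) return M3U_TOO_LONG;  /* check BEFORE copy */
        memcpy(entry, line, n);
        entry[n] = '\0';          /* entry is now safe to hand onward */
        (*count)++;
    }
    return M3U_OK;
}

int main(void)
{
    /* Constructed sample inputs, not taken from the advisory. */
    const char ok[] = "#EXTM3U\r\n#EXTINF:123,Sample\r\ntrack01.mp3\r\n\r\ntrack02.mp3";
    char big[1024];
    size_t count;

    memset(big, 'x', sizeof big);   /* a single 1024-byte entry */
    printf("ok:  rc=%d\n", m3u_scan(ok, sizeof ok - 1, &count));
    printf("big: rc=%d\n", m3u_scan(big, sizeof big, &count));
    return 0;
}
```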


Update the Software
Apply the latest update provided by the vendor.
For more information, refer to the vendor's website.

Vendor Status

Vendor | Status | Last Update | Vendor Notes
Sony Corporation | Vulnerable | 2007/12/04 |


JPCERT/CC Addendum

Vulnerability Analysis by JPCERT/CC

Analyzed on 2007.12.04

Measures | Conditions | Severity
Access Required | Routed - can be attacked over the Internet using packets | High
Authentication | None - anonymous or no authentication (IP addresses do not count) | High
User Interaction Required | Complex - the user must be convinced to take a difficult or suspicious action. If the honest user must have elevated privileges, they are likely to be more suspicious | Low
Exploit Complexity | Low - little to no expertise and/or luck required to exploit (cross-site scripting) | High



Other Information

CVE: CVE-2007-5709
JVN iPedia: JVNDB-2007-000809
