Info

Disclosure

Jul 15, 2009

Discovery

Unknown

Dates

Exploit

Unknown

Solution

Unknown

Description

Music Tag Editor is prone to an overflow condition. The program fails to perform adequate boundary checks on user-supplied input resulting in a stack overflow. With a specially crafted MP3 file having an overly long ID3 tag, a context-dependent attacker can potentially cause arbitrary code execution.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public

Solution

Products

Unknown or Incomplete

References

CVE ID: 2009-3811 (see also: NVD)
Secunia Advisory ID: 35828
ISS X-Force ID: 51724
Milw0rm: 9167
Exploit Database: 9167
Other Advisory URL: http://liquidworm.blogspot.com/2009/07/music-tag-editor-161-build-212-remote.html
http://securityreason.com/exploitalert/6612
http://www.zeroscience.mk/en/vulnerabilities/ZSL-2009-4922.php
Packet Storm: http://www.packetstormsecurity.org/filedesc/musictag-overflow.txt.html
Generic Exploit URL: http://www.zeroscience.mk/codes/aimp2_evil.mp3

Credit

Gjoko Krstic - liquidwormgmail.com - Zero Science Lab

Direct URL: http://osvdb.org/55861