In association with heise online

« previous | next »
30 October 2007, 12:48

Sony's SonicStage CP allows code injection

Sony uses SonicStage CP software for loading its MP3 players. However, the application processes crafted playlists incorrectly, so that attackers can inject and execute external code.

According to a security advisory from Secunia, the security vulnerability was discovered by Parvez Anwar. If a .m3u playlist contains an entry with more than 1000 characters, a buffer overflow can occur. A sample program which is meant to demonstrate the vulnerability has now appeared on milw0rm.

The bug apparently affects the current version 4.3 of SonicStage CP and possibly previous versions. No update is yet available, so users of this software should not open .m3u playlists for the time being.

See also:

(mba)

« previous | next »
Print Version | Send by email | Permalink: http://h-online.com/-733872

Also on The H:

  • Share this article
  • Twitter
  • Facebook
  • digg this
  • submit to slashdot
  • post to delicious
  • StumbleUpon
  • submit to reddit
The H Open Headlines

Price Insight Top 10 powered by Skinflint

  1. Samsung SSD 830 Series 128GB
  2. Samsung SSD 830 Series 256GB
  3. Samsung SSD 830 Series Desktop Upgrade Kit 256GB
  4. Intel Core i5-3570K
  5. Samsung Galaxy S3 i9300 16GB blau
  6. Gigabyte GeForce GTX 670 OC
  7. Crucial m4 SSD 128GB
  8. Diablo 3 (deutsch)
  9. Palit GeForce GTX 670
  10. Samsung Galaxy Nexus i9250 16GB silber

The H

The H open source

The H Security

The H Internet Toolkit