Details of VAR-201305-0359

ID

VAR-201305-0359

TITLE

ABBS Audio Media Player '.lst' File Remote Buffer Overflow Vulnerability

Trust: 1.1

sources: IVD: 67cb2fc0-1f26-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-04924 // BID: 59646

DESCRIPTION

ABBS Audio Media Player is a windows media player from Electrons Under Control of the United States. A buffer overflow vulnerability exists in ABBS Audio Media Player. An attacker could use this vulnerability to execute arbitrary code in the context of an application. If the exploit is unsuccessful, it may lead to a denial of service status. This vulnerability exists in ABBS Audio Media Player 3.1, and other versions may also be affected by it

Trust: 1.53

sources: CNVD: CNVD-2013-04924 // CNNVD: CNNVD-201305-121 // BID: 59646 // IVD: 67cb2fc0-1f26-11e6-abef-000c29c66e3d

IOT TAXONOMY

category:

['ICS']

sub_category:

Trust: 0.8

sources: IVD: 67cb2fc0-1f26-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-04924

AFFECTED PRODUCTS

vendor:

abbs

model:

audio media player

scope:

version:

3.1

Trust: 0.8

sources: IVD: 67cb2fc0-1f26-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-04924

CVSS

SEVERITY

CVSSV2

CVSSV3

CNVD:	CNVD-2013-04924
value:	HIGH
Trust: 0.6
IVD:	67cb2fc0-1f26-11e6-abef-000c29c66e3d
value:	HIGH
Trust: 0.2

CNVD:	CNVD-2013-04924
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6
IVD:	67cb2fc0-1f26-11e6-abef-000c29c66e3d
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.9 [IVD]
Trust: 0.2

sources: IVD: 67cb2fc0-1f26-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-04924

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201305-121

TYPE

Buffer overflow

Trust: 0.8

sources: IVD: 67cb2fc0-1f26-11e6-abef-000c29c66e3d // CNNVD: CNNVD-201305-121

EXTERNAL IDS

db:	BID	id:	59646	Trust: 1.5
db:	CNVD	id:	CNVD-2013-04924	Trust: 0.8
db:	CNNVD	id:	CNNVD-201305-121	Trust: 0.6
db:	IVD	id:	67CB2FC0-1F26-11E6-ABEF-000C29C66E3D	Trust: 0.2

sources: IVD: 67cb2fc0-1f26-11e6-abef-000c29c66e3d // CNVD: CNVD-2013-04924 // BID: 59646 // CNNVD: CNNVD-201305-121

REFERENCES

url:	http://www.securityfocus.com/bid/59646	Trust: 1.2
url:	http://abbs.qsnx.net	Trust: 0.3

sources: CNVD: CNVD-2013-04924 // BID: 59646 // CNNVD: CNNVD-201305-121

CREDITS

Julien Ahrens

Trust: 0.9

sources: BID: 59646 // CNNVD: CNNVD-201305-121

SOURCES

db:	IVD	id:	67cb2fc0-1f26-11e6-abef-000c29c66e3d
db:	CNVD	id:	CNVD-2013-04924
db:	BID	id:	59646
db:	CNNVD	id:	CNNVD-201305-121

LAST UPDATE DATE

2022-05-17T02:01:14.465000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2013-04924	date:	2013-05-20T00:00:00
db:	BID	id:	59646	date:	2013-07-03T06:41:00
db:	CNNVD	id:	CNNVD-201305-121	date:	2013-05-09T00:00:00

SOURCES RELEASE DATE

db:	IVD	id:	67cb2fc0-1f26-11e6-abef-000c29c66e3d	date:	2013-05-08T00:00:00
db:	CNVD	id:	CNVD-2013-04924	date:	2013-05-08T00:00:00
db:	BID	id:	59646	date:	2013-05-06T00:00:00
db:	CNNVD	id:	CNNVD-201305-121	date:	2013-05-09T00:00:00