Written by Nine:Situations:Group::strawdog
Monday, 06 April 2009 23:11
PPLive URI Handlers 'LoadModule' Parameter Multiple Remote Code Execution Vulnerabilities
Input Validation Error
Mar 16 2009 12:00AM
Apr 06 2009 10:26PM
PPLive PPLive 1.9.21
PPLive is prone to multiple remote code-execution vulnerabilities because
the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues can allow an attacker to execute arbitrary code
within the context of the affected application.
PPLive 1.9.21 is vulnerable; other versions may also be affected.
An attacker can exploit this issue by enticing an unsuspecting victim to
follow a malicious URI.
The following example URIs are available:
Currently we are not aware of any vendor-supplied patches. If you feel we
are in error or if you are aware of more recent information, please mail