Release date:
Updated on:
Affected Systems:
JetAudio 8.x
Description:
--------------------------------------------------------------------------------
CVE (CAN) ID: CVE-2013-2691
JetAudio is an integrated multimedia player launched by COWON in Korea.
When jetAudio 8.0.17 processes the MPEG2 transmission stream, the JetMPG. ax module has a boundary error. Using this vulnerability through a specially crafted MPEG2-TS video file can cause stack buffer overflow, resulting in arbitrary code execution.
<* Source: kaveh ghaemmaghami
Link: http://secunia.com/advisories/52450/
Http://www.securelist.com/en/advisories/52450
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
JetAudio
--------
Currently, the vendor does not provide patches or upgrade programs. We recommend that users who use the software follow the vendor's homepage to obtain the latest version:
Http://www.jetaudio.com/