CVE-2009-0476
CVE-2009-0476
Vexday Risk Score
50Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
Madurez del exploit
Exploit funcional
Exploit automatizable disponible (Nuclei/Metasploit).
CVSS —EPSS 37.0%KEV nãoPoC públicaNuclei —Metasploit simPatch —
Ciclo de vida
08 feb 2009Publicada en NVD
24 sep 2009PoC pública
08 dic 2009Exploit Metasploit disponible
Velocidad de armamento
227 díashasta el primer PoC
302 díashasta el módulo Metasploit
Recomendación: Planificar corrección próxima — ya existe PoC pública.
Stack-based buffer overflow in MultiMedia Soft AdjMmsEng.dll 7.11.1.0 and 7.11.2.7, as distributed in multiple MultiMedia Soft audio components for .NET, allows remote attackers to execute arbitrary code via a long string in a playlist (.pls) file, as originally reported for Euphonics Audio Player 1.0. NOTE: some of these details are obtained from third party information.
Productos afectados
n/a · n/aPoCs públicas encontradas — 7
exploitdbwww.exploit-db.com/exploits/16626no verificadocve_referencewww.exploit-db.com/exploits/7974no verificadocve_referencewww.exploit-db.com/exploits/7958no verificadocve_referencewww.exploit-db.com/exploits/7973no verificadoexploitdbwww.exploit-db.com/exploits/15013no verificadoexploitdbwww.exploit-db.com/exploits/10353no verificadoexploitdbwww.exploit-db.com/exploits/11079no verificado⚠ Recursos públicos, para evaluar la exposición de sistemas que controlas o estás autorizado a probar. Prueba solo con autorización.
Referencias
http://secunia.com/advisories/33791http://secunia.com/advisories/33817https://www.exploit-db.com/exploits/7958https://www.exploit-db.com/exploits/7973https://www.exploit-db.com/exploits/7974http://www.securityfocus.com/archive/1/500652/100/0/threadedhttp://www.securityfocus.com/bid/33589http://www.vupen.com/english/advisories/2009/0316