Buffer overflow in jetAudio 22.214.171.12430 (Basic), and possibly other versions, allows user-assisted attackers to execute arbitrary code via an audio file (such as WMA) with long ID Tag values including (1) Title, (2) Author, and (3) Album, which triggers the overflow in the tooltip display string if the sound card driver is disabled or incorrectly installed.
Loss of Confidentiality, Loss of Integrity, Loss of Availability
jetAudio is prone to an overflow condition. The program fails to properly sanitize user-supplied input when creating a "tooltip" display string, resulting in a stack-based buffer overflow. With an audio file containing specially crafted ID Tag information, a remote attacker can potentially execute arbitrary code.
Currently, there are no known upgrades or patches to correct this vulnerability. The flaw can be worked around temporarily by ensuring the sound driver is enabled and correctly installed.
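The class of fix for the tooltip overflow described above, as an added example; it is not jetAudio's code, which the advisory does not show. The buffer size, the tooltip layout, `struct tag` and `build_tooltip` are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define TOOLTIP_CAP 64  /* assumed size; the advisory does not give the real one */

/* A tag value as read from a media file: explicit length, no NUL terminator. */
struct tag { const char *data; size_t len; };

/* Pattern matching the advisory's description, in outline only (not compiled):
 *     char tip[TOOLTIP_CAP];
 *     sprintf(tip, "%s - %s (%s)", title, author, album);
 * Nothing ties the tag lengths to sizeof tip, so long tags overrun the stack. */

/* Bounded version: each field gets an equal share of dst, so a long Title
 * cannot crowd out Author and Album. Returns how many fields were shortened
 * (0..3), or -1 on bad arguments. */
int build_tooltip(char *dst, size_t cap, const struct tag t[3])
{
    const size_t fixed = 6;                 /* " - " + " (" + ")" */
    int prec[3], cut = 0;

    if (dst == NULL || t == NULL || cap < fixed + 4)
        return -1;                          /* no room for one byte per field */
    size_t share = (cap - 1 - fixed) / 3;   /* -1 for the terminator */
    if (share > 1024) share = 1024;         /* keep the int precision in range */
    for (int i = 0; i < 3; i++) {
        size_t n = t[i].data ? t[i].len : 0;
        if (n > share) { n = share; cut++; }
        prec[i] = (int)n;
    }
    /* %.*s reads at most prec[i] bytes, so unterminated input is safe. */
    int w = snprintf(dst, cap, "%.*s - %.*s (%.*s)",
                     prec[0], t[0].data ? t[0].data : "",
                     prec[1], t[1].data ? t[1].data : "",
                     prec[2], t[2].data ? t[2].data : "");
    if (w < 0 || (size_t)w >= cap) { dst[0] = '\0'; return -1; }  /* fail closed */
    return cut;
}

int main(void)
{
    char title[300], tip[TOOLTIP_CAP];      /* constructed oversized Title */
    memset(title, 'A', sizeof title);
    struct tag t[3] = { { title, sizeof title }, { "Bob", 3 }, { "Live", 4 } };
    printf("%d %s\n", build_tooltip(tip, sizeof tip, t), tip);
    return 0;
}
```

A non-zero return value is worth logging: a media file whose tags exceed the display budget is a cheap signal that the file deserves a closer look.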
jetAudio is prone to a remote buffer-overflow vulnerability.
The vulnerability presents itself when the application handles a malicious audio file.
A successful exploit may allow an attacker to gain unauthorized remote access in the context of an affected user.
jetAudio version 126.96.36.19930 Basic is reported vulnerable. Other versions may be affected as well.
Currently we are not aware of any exploits for this issue. If you feel we are in error or are aware of more recent information, please mail us at: email@example.com
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: firstname.lastname@example.org.