CVE-2011-5006 : Stack-based buffer overflow in QQPlayer 3.2.845 allows remote attackers to execu

Stack-based buffer overflow in QQPlayer 3.2.845 allows remote attackers to execute arbitrary code via a crafted PnSize value in a MOV file.

Published 2011-12-25 01:55:05

Updated 2012-02-17 04:10:49

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Products affected by CVE-2011-5006

Qqplayer » Qqplayer » Version: 3.2.845
cpe:2.3:a:qqplayer:qqplayer:3.2.845:*:*:*:*:*:*:*
Matching versions

EPSS FAQ

41.07%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 97 %

Percentile, the proportion of vulnerabilities that are scored at or less

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
9.3	HIGH	AV:N/AC:M/Au:N/C:C/I:C/A:C	8.6	10.0	NIST
Access Vector: Network Access Complexity: Medium Authentication: None Confidentiality Impact: Complete Integrity Impact: Complete Availability Impact: Complete

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

Assigned by: nvd@nist.gov (Primary)

http://www.securityfocus.com/bid/50739

QQ Player 'PnSize' Value Buffer Overflow Vulnerability
http://www.exploit-db.com/exploits/18137

QQPLAYER Player 3.2 - PICT PnSize Buffer Overflow Windows (ASLR + DEP Bypass) (Metasploit) - Windows_x86 local Exploit
Exploit

Jump to