Vulnerability Details : CVE-2013-7186
Buffer overflow in Steinberg MyMp3PRO 5.0 (Build 5.1.0.21) allows remote attackers to execute arbitrary code via a long string in a .m3u file.
Vulnerability category: OverflowExecute code
Products affected by CVE-2013-7186
- cpe:2.3:a:steinberg:mymp3pro:5.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2013-7186
22.13%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 96 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2013-7186
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
9.3
|
HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
8.6
|
10.0
|
NIST |
CWE ids for CVE-2013-7186
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-7186
-
http://www.exploit-db.com/exploits/30032
Steinberg MyMp3PRO 5.0 - Local Buffer Overflow (SEH) (DEP Bypass + ROP) - Windows local ExploitExploit
-
http://packetstormsecurity.com/files/124282
Steinberg MyMp3PRO 5.0 Buffer Overflow ≈ Packet StormExploit
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/89468
Steinberg MyMp3PRO SEH buffer overflow CVE-2013-7186 Vulnerability Report
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/89454
Steinberg MyMp3PRO .m3u buffer overflow CVE-2013-7186 Vulnerability Report
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/89469
Steinberg MyMp3PRO DEP bypass buffer overflow CVE-2013-7186 Vulnerability Report
-
http://packetstormsecurity.com/files/124283
Steinberg MyMp3PRO 5.0 DEP Bypass With ROP ≈ Packet StormExploit
-
http://packetstormsecurity.com/files/124284
Steinberg MyMp3PRO 5.0 SEH Buffer Overflow ≈ Packet StormExploit
Jump to