Internet threat level: 1
Home→Descriptions→SA49008
Remote-Anything Player Movie Processing Code Execution Vulnerability
| Secunia ID | |
| CVE-ID | |
| Release Date |
01 May 2012 |
| Last Change |
03 Aug 2012 |
| Criticality | |
| Solution Status |
Unpatched |
| Software |
Remote-Anything 5.x |
| Where | |
| Impact |
System accessThis covers vulnerabilities where malicious people are able to gain system access and execute arbitrary code with the privileges of a local user. |
| Description |
A vulnerability has been discovered in Remote-Anything, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an error within the Player utility when viewing a movie file and can be exploited to cause a buffer overflow via a specially crafted ".flm" file. Successful exploitation allows execution of arbitrary code, but requires tricking a user into opening a malicious movie file. The vulnerability is confirmed in version 5.60.15. Other versions may also be affected. |
| Solution |
Do not open files from untrusted sources. |
| Reported by |
Saint Patrick |
© 1997-2013 Kaspersky Lab ZAO. All Rights Reserved.
Industry-leading Antivirus Software.
Registered trademarks and service marks are the property of their respective owners.
The authors' opinions do not necessarily reflect the official positions of Kaspersky Lab.