Solutionary ID: SERT-VDN-1014
Risk Rating: Medium
CVE ID: CVE-2013-6240
Application Vendor: Tatsuaki Kuroda
Vendor URL: http://www1.ocn.ne.jp/~tuner/tuner_e.html
Date discovered: 10/22/2013
Vendor response date: 10/23/2013
Vendor acknowledgment date: No Response
Public disclosure date: 12/06/2013
Type of vulnerability: Buffer Overflow
Exploit Vectors: Local
Vulnerability Description: s8Tunes does not limit the size of input for its playlist. An attacker can cause a buffer overflow and execute arbitrary code on the system.
Tested on: Windows XP SP3 and s8Tunes version 10.8
Affected software versions: 10.8
Impact: The vulnerability will allow and attacker can run arbitrary code on the system under the context of the user running the application.
Fixed in: Not Fixed
Remediation guidelines: Update the software should a patch become available.