s8Tunes Playlist Heap Buffer Overflow

Solutionary ID: SERT-VDN-1014

Risk Rating: Medium

CVE ID: CVE-2013-6240

Product: s8Tunes

Application Vendor: Tatsuaki Kuroda

Vendor URL: http://www1.ocn.ne.jp/~tuner/tuner_e.html

Date discovered: 10/22/2013

Vendor response date: 10/23/2013

Vendor acknowledgment date: No Response

Public disclosure date: 12/06/2013

Type of vulnerability: Buffer Overflow

Exploit Vectors: Local

Vulnerability Description: s8Tunes does not limit the size of input for its playlist. An attacker can cause a buffer overflow and execute arbitrary code on the system.

Tested on: Windows XP SP3 and s8Tunes version 10.8

Affected software versions: 10.8

Impact: The vulnerability allows an attacker to run arbitrary code on the system in the context of the user running the application.

Fixed in: Not Fixed

Remediation guidelines: Update the software should a patch become available.
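
The missing size limit named in the vulnerability description, seen from the defensive side as an added example (not s8Tunes code and not part of the original advisory): a playlist reader that rejects over-long entries instead of copying them into a fixed-size heap buffer. The function names, the one-entry-per-line format and the 260-byte cap are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>

#define ENTRY_CAP 260   /* assumed per-entry limit (Windows MAX_PATH); not from the advisory */
enum entry_status { ENTRY_OK, ENTRY_EOF, ENTRY_TOO_LONG };
/* Read one playlist line into dst (capacity cap >= 1, NUL included).
 * An over-long line is drained and rejected, never copied past cap or truncated. */
enum entry_status read_entry(FILE *fp, char *dst, size_t cap)
{
    size_t n = 0;
    int c, overflow = 0;
    while ((c = fgetc(fp)) != EOF && c != '\n') {
        if (c == '\r')
            continue;               /* tolerate CRLF line endings */
        if (n + 1 < cap)
            dst[n++] = (char)c;     /* always leaves room for the NUL */
        else
            overflow = 1;           /* keep consuming, stop storing */
    }
    dst[overflow ? 0 : n] = '\0';
    if (overflow)
        return ENTRY_TOO_LONG;
    return (c == EOF && n == 0) ? ENTRY_EOF : ENTRY_OK;
}

/* Return the number of accepted entries; *rejected counts over-long ones. */
int scan_playlist(FILE *fp, int *rejected)
{
    char *entry = malloc(ENTRY_CAP);    /* fixed-size heap buffer */
    int accepted = 0;
    enum entry_status st;
    *rejected = 0;
    if (!entry)
        return -1;
    while ((st = read_entry(fp, entry, ENTRY_CAP)) != ENTRY_EOF) {
        if (st == ENTRY_TOO_LONG)
            (*rejected)++;
        else if (entry[0] != '\0')
            accepted++;             /* blank lines are skipped */
    }
    free(entry);
    return accepted;
}

int main(void)                      /* usage: ./playlist_check < playlist-file */
{
    int bad, ok = scan_playlist(stdin, &bad);
    printf("accepted=%d rejected=%d\n", ok, bad);
    return (ok < 0 || bad) ? 1 : 0;
}
```

A non-zero exit status means at least one entry exceeded the cap, so the same program can screen a playlist file before it is opened in an unpatched player.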