Vulnerability Details : CVE-2013-7280
Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file.
Vulnerability category: OverflowDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-7280
Probability of exploitation activity in the next 30 days: 47.14%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 97 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2013-7280
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
4.3
|
MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
8.6
|
2.9
|
NIST |
CWE ids for CVE-2013-7280
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-7280
-
http://www.exploit-db.com/exploits/24556
Hanso Player 2.1.0 - '.m3u' Buffer Overflow - Windows dos ExploitExploit
-
http://packetstormsecurity.com/files/120611/Hanso-Player-2.1.0-Buffer-Overflow.html
Hanso Player 2.1.0 Buffer Overflow ≈ Packet StormExploit
-
http://www.exploit-db.com/exploits/29445
Hanso Player 2.5.0 - 'm3u' Buffer Overflow (Denial of Service) - Windows dos ExploitExploit
-
http://www.securityfocus.com/bid/58251
Hanso Player '.m3u' File Remote Buffer Overflow Vulnerability
Products affected by CVE-2013-7280
- cpe:2.3:a:hansotools:hanso_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:hansotools:hanso_player:2.1.0:*:*:*:*:*:*:*