indeego Posted October 30, 2007

source http://www.heise-security.co.uk/news/98181

Sony's SonicStage CP allows code injection

Sony uses SonicStage CP software for loading its MP3 players. However, the application processes crafted playlists incorrectly, so that attackers can inject and execute external code.

According to a security advisory from Secunia, the security vulnerability was discovered by Parvez Anwar. If a .m3u playlist contains an entry with more than 1000 characters, a buffer overflow can occur. A sample program which is meant to demonstrate the vulnerability has now appeared on milw0rm.

The bug apparently affects the current version 4.3 of SonicStage CP and possibly previous versions. No update is yet available, so users of this software should not open .m3u playlists for the time being.

# Sample program demonstrating the vulnerability on milw0rm
# Sony CONNECT Player M3U Playlist Processing Buffer Overflow, security advisory from Secunia

Shinji Ikeda Posted October 30, 2007

source http://www.heise-security.co.uk/news/98181

So according to the announcement, and doing some testing: If you import an M3U infected playlist into SonicStage, SonicStage does not have security measures to prevent your computer from being hacked. I honestly believe that Sony should correct this problem, not because it is serious, but just to prove that they care about their customers.

On first reading, it did not make sense since SonicStage does not use M3U files for playlists. However, after doing some testing I was able to determine that it may be possible to create an M3U file to import your MP3 files. This can be exploited to cause a stack-based buffer overflow via a specially crafted playlist file containing an overly long file name (greater than 1000 characters). I can understand why Sony might have ignored this problem.

I am wondering how many of you use M3U playlists to import tracks into SonicStage.

pata2001 Posted October 30, 2007

[sarcasm]Oh c'mon, if Sony fix this, how would they inject their rootkit trojans into consumers' PCs then?[/sarcasm]

Yeah, not related, but Sony and security? With the phasing out of Sonicstage, Sony probably won't do anything. I don't think there are that many users affected or even use Sonicstage for a hacker to be interested in exploiting the flaw.
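
Added example, not part of the thread or the advisory: a pre-import check that flags .m3u entries longer than the 1000 characters the quoted article names as the trigger. The function names and the two sample playlists are constructed for illustration.

```python
import sys

# Threshold taken from the article quoted in the first post:
# an entry with more than 1000 characters.
MAX_ENTRY_LEN = 1000


def scan_m3u(data: bytes, limit: int = MAX_ENTRY_LEN):
    """Return (line_number, length) for each playlist entry longer than limit.

    Lengths are counted in raw bytes, which is never less than the character
    count, so an odd encoding cannot make a long entry look short.
    """
    if data.startswith(b"\xef\xbb\xbf"):  # drop a UTF-8 byte order mark
        data = data[3:]
    findings = []
    # bytes.splitlines() splits on \n, \r and \r\n only
    for number, raw in enumerate(data.splitlines(), start=1):
        entry = raw.strip()
        if not entry or entry.startswith(b"#"):
            continue  # blank line, or a #EXTM3U / #EXTINF directive
        if len(entry) > limit:
            findings.append((number, len(entry)))
    return findings


def is_safe_to_import(data: bytes, limit: int = MAX_ENTRY_LEN) -> bool:
    """True when no entry exceeds the limit."""
    return not scan_m3u(data, limit)


# Constructed sample playlists (not taken from any real file).
BENIGN = b"#EXTM3U\r\n#EXTINF:215,Artist - Title\r\nC:\\Music\\track01.mp3\r\n"
OVERLONG = b"#EXTM3U\nC:\\Music\\ok.mp3\n" + b"A" * 1500 + b".mp3\n"

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            hits = scan_m3u(fh.read())
        for number, length in hits:
            print(f"{path}:{number}: entry is {length} bytes (limit {MAX_ENTRY_LEN})")
        if not hits:
            print(f"{path}: no over-long entries")
```

Run it with one or more playlist paths as arguments before importing them; any reported line is an entry in the length range the advisory describes.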