CVE-2009-2617

Description

Stack-based buffer overflow in medialib.dll in BaoFeng Storm 3.9.62 allows remote attackers to execute arbitrary code via a long pathname in the source attribute of an item element in a .smpl playlist file.

Affected products

• baofeng / storm3.9.62 – 3.9.62

References

• MAILING_LISThttp://marc.info/?l=full-disclosure&m=124624413120440&w=2
• MISChttp://www.securityfocus.com/bid/35512
• VENDOR_ADVISORYhttp://secunia.com/advisories/35592
• MAILING_LISThttp://marc.info/?l=full-disclosure&m=124627617220913&w=2