[NT] Vypress Tonecast Broadcast Shutdown (Crash)

From: SecuriTeam (support_at_securiteam.com)
Date: 10/25/04

  • Next message: SecuriTeam: "[NT] How to Break Windows XP SP2 (Drag and Drop Media Files) - Proof of Concept" 
    To: list@securiteam.com
Date: 25 Oct 2004 16:17:35 +0200

    The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com
    - - promotion

    The SecuriTeam alerts list - Free, Accurate, Independent.

    Get your security news from a reliable source.
    http://www.securiteam.com/mailinglist.html

    - - - - - - - - -

      Vypress Tonecast Broadcast Shutdown (Crash)
    ------------------------------------------------------------------------

    SUMMARY

    " <http://www.vypress.com/products/tonecast/> Vypress Tonecast is
    high-fidelity audio streaming software for local area networks. Vypress
    Tonecast allows you to easily setup and utilise your own radio
    broadcasting over an existing LAN infrastructure without the need for
    additional hardware or complex heaped software systems."

    Vypress Tonecast consists of two modules: a server module that broadcasts
    the audio over the network and a client module which receives the audio.
    The client module does not handle malformed streams correctly and crashes
    immediately both in standalone mode and as a Winamp plugin.

    DETAILS

    Vulnerable Systems:
     * Vypress Tonecast version 1.3 and prior

    Upon receiving a malformed stream the client module of Vypress tonecast
    will crash. This behavior is common to both the client program and the
    Winamp plugin.

    A proof of concept example has been provided by Luigi and is available for
    download at <http://aluigi.altervista.org/poc/toneboom.zip>
    http://aluigi.altervista.org/poc/toneboom.zip

    ADDITIONAL INFORMATION

    The information has been provided by <mailto:aluigi@autistici.org> Luigi
    Auriemma.

    ========================================

    This bulletin is sent to members of the SecuriTeam mailing list.
    To unsubscribe from the list, send mail with an empty subject line and body to: list-unsubscribe@securiteam.com
    In order to subscribe to the mailing list, simply forward this email to: list-subscribe@securiteam.com

    ====================
    ====================

    DISCLAIMER:
    The information in this bulletin is provided "AS IS" without warranty of any kind.
    In no event shall we be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages.

  • Next message: SecuriTeam: "[NT] How to Break Windows XP SP2 (Drag and Drop Media Files) - Proof of Concept"