1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Web Attack: CyberLink Power2Go Stack Buffer Overflow

Web Attack: CyberLink Power2Go Stack Buffer Overflow

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects attempts to exploit a stack buffer overflow vulnerability in Power2Go which may lead to arbitrary code execution.

Additional Information

Power2Go is burning software for all media.

Power2Go is prone to the following buffer-overflow vulnerabilities:

1. A stack-based buffer-overflow vulnerability exists in the Power2Go project editor when handling crafted P2G files.

2. A stack-based buffer-overflow vulnerability exists in the WaveEditor project editor when handling crafted WVE files.

Remote attackers can exploit these issues by enticing an unsuspecting user into opening maliciously crafted files.

Successful exploits will allow attackers to execute arbitrary code within the context of the affected application. Failed exploit attempts will likely result in a denial of service.

Affected

  • Power2Go 8.0.0.1031 is vulnerable; other versions may also be affected.

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube