ALCATech's BPM Studio Pro Audio Mixer Can Be Crashed By Remote Users
|
|
SecurityTracker Alert ID: 1003682 |
|
SecurityTracker URL: http://securitytracker.com/id/1003682
|
|
CVE Reference:
GENERIC-MAP-NOMATCH
(Links to External Site)
|
Date: Feb 27 2002
|
Impact:
Denial of service via network
|
Exploit Included: Yes
|
Version(s): 4.2
|
Description:
A vulnerability was reported in ALCATech's BPM Studio Pro audio mixer software. A remote user can cause the software to crash.
It is reported that a remote user can send a special HTTP request to the web-based management port to cause the system to crash. The following request will reportedly trigger the vulnerability:
http://BPM-HOST/con/con
It is reported that the remote management http server is not activated by default.
|
Impact:
A rmeote user can cause the system to crash.
|
Solution:
No solution was available at the time of this entry.
|
Vendor URL: www.bpmstudio.com/html/rebuild.php?src=products_pro.html (Links to External Site)
|
Cause:
Exception handling error
|
Underlying OS:
Windows (Me), Windows (95), Windows (98)
|
|
Message History:
None.
|
Source Message Contents
|
Date: Wed, 27 Feb 2002 07:00:39 -0300
Subject: BPM STUDIO PRO 4.2 DOS DEVICE PATH VULNERABILITY
|
Hi Bugtraq !!
BPM STUDIO PRO 4.2 is one of the most famous mp3 mixer and player and it has
an http server implementation for manage the player via the web browser.
Unfortunatly, when you perform a simple http request like:
http://BPM-HOST/con/con
you can crash instantly non-patched Win9x host with a simple Blue Screen !!
HTTP daemon is not activated by default
bye bye
-----------------------------------------------
][-][UNTER
Infobyte Security Research Crew
Buenos Aires, Argentina
-----------------------------------------------
|
|
