Short Name |
HTTP:STC:DL:MAL-PLS |
---|---|
Severity |
Minor |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
PLS Malformed File Format |
Release Date |
2011/11/15 |
Update Number |
2030 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-11.4+, srx-12.1+, srx-branch-12.1+, vmx-17.4+, vsrx-12.1+, vsrx3bsd-18.2+ |
This signature detects attempts to exploit flaws in PLS file format. Standards are defined for representing a pls file. Any deviation from it can be an indication of malicious activity. This kind of behavior is mostly noticeable from exploits created using Metasploit Framework.
Multiple MultiMedia Soft components are prone to a stack-based buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied input. Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the applications using the vulnerable components. Failed exploit attempts will cause denial-of-service conditions. The following components are vulnerable: Audio DJ Studio for .NET Audio Sound Recorder for .NET Audio Sound Editor for .NET Audio Sound Suite for .NET Audio Sound Studio for .NET NOTE: This BID was initially titled 'Euphonics '.pls' File Buffer Overflow Vulnerability' but has been updated because more details are now available. Euphonics 1.0 is vulnerable because it uses a vulnerable version of one of the MultiMedia Soft components.