Signature Detail

HTTP: PLS Malformed File Format

This signature detects attempts to exploit flaws in PLS file format. Standards are defined for representing a pls file. Any deviation from it can be an indication of malicious activity. This kind of behavior is mostly noticeable from exploits created using Metasploit Framework.

Extended Description

Multiple MultiMedia Soft components are prone to a stack-based buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied input. Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the applications using the vulnerable components. Failed exploit attempts will cause denial-of-service conditions. The following components are vulnerable: Audio DJ Studio for .NET Audio Sound Recorder for .NET Audio Sound Editor for .NET Audio Sound Suite for .NET Audio Sound Studio for .NET NOTE: This BID was initially titled 'Euphonics '.pls' File Buffer Overflow Vulnerability' but has been updated because more details are now available. Euphonics 1.0 is vulnerable because it uses a vulnerable version of one of the MultiMedia Soft components.

Affected Products

• Euphonics euphonics 1.0
• Multimedia_soft audio_dj_studio_for_.net
• Multimedia_soft audio_sound_editor_for_.net
• Multimedia_soft audio_sound_recorder_for_.net
• Multimedia_soft audio_sound_studio_for_.net
• Multimedia_soft audio_sound_suite_for_.net

References

• BugTraq: 33589
• BugTraq: 41332
• CVE: CVE-2009-0476
• CVE: CVE-2009-4656
• URL: http://en.wikipedia.org/wiki/PLS_(file_format)