HTTP: PLS Malformed File Format

This signature detects attempts to exploit flaws in PLS file format. Standards are defined for representing a pls file. Any deviation from it can be an indication of malicious activity. This kind of behavior is mostly noticeable from exploits created using Metasploit Framework.

Extended Description

Multiple MultiMedia Soft components are prone to a stack-based buffer-overflow vulnerability because they fail to perform adequate boundary checks on user-supplied input. Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the applications using the vulnerable components. Failed exploit attempts will cause denial-of-service conditions. The following components are vulnerable: Audio DJ Studio for .NET Audio Sound Recorder for .NET Audio Sound Editor for .NET Audio Sound Suite for .NET Audio Sound Studio for .NET NOTE: This BID was initially titled 'Euphonics '.pls' File Buffer Overflow Vulnerability' but has been updated because more details are now available. Euphonics 1.0 is vulnerable because it uses a vulnerable version of one of the MultiMedia Soft components.

Affected Products

Euphonics euphonics

Short Name
HTTP:STC:DL:MAL-PLS
Severity
Minor
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2009-0476 CVE-2009-4656 File Format Malformed PLS bid:33589 bid:41332
Release Date
11/15/2011
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3336
False Positive
Unknown
Vendors

Euphonics

Multimedia_soft

CVSS Score

9.3

Found a potential security threat?