Sights 'n Sounds Streaming Media Server version 2.0.3.a appears susceptible to a buffer overflow condition when passed a string greater than 1200 characters.
e25fc1743a397c3ec22c97ad11c8167b3f140c70604c0735cc4d804553649b57
Sights 'n Sounds Streaming Media Server 2.0.3.a Buffer overflow
----------------------------------------------------------
Download url:
http://www.download.com/Sights-n-Sounds-Streaming-Media-Server/3000-2168_4-10247732.html
Release Date:
10/12/2005
Severity:
high
Description:
"Sights 'n Sounds is a simple and fun to use Streaming Media Server. It allows anyone to stream music and
video files to all the computers in their house or over even stream content over the Internet. Sights 'n
Sounds also manages all your digital photographs. Pages are automatically created complete with thumbnails.
Access to your music, video, and pictures is through a standard Internet browser such as Netscape or IE. You
can even password protect your site so that only your friends and family can access it. All of your music,
video, and photographs are stored on your own computer so there are no special services to sign up for and no
site to send your files to. Sights 'n Sounds gives you the power that up till now has been reserved for the
audio/video professional but is simple enough to set up that even a computer novice will find it intuitive.
All you need to do is drag and drop your files in to the Sights 'n Sounds folder. That?s all there is to it!
Give it a try today. "
Vulnerability Analysis:
A buffer overflow vulnerability exists in the Sights 'n Sound built in Web server MediaServerListing.exe that may
allow a remote user to compromise a remote system by supplying as an argument to the mediaserverlisting.exe
a long string of 1200 characters.
example:
http://[host]/MediaServerListing.exe?[long_string]
This will crash the SWS.exe service.
credit:
dr_insane