| Title: | Sony SonicStage Mastering Studio Project File Import Buffer Overflow | |
| Announcement date: | 16 August 2006 | |
| Advisory Reference: | ptl-2006-01 | |
| VU Number: | VU#697761 | |
| Products: | SonicStage Mastering Studio (Sony) | |
| Vulnerability Type: | Buffer Overflow | |
| Vendor-URL: | http://www.vaio.sony-europe.com | |
| Vendor-Status: | Patch Released | |
| Remotely Exploitable: | Yes (User Complicit) | |
| Locally Exploitable: | Yes | |
| Advisory URL (Europe): | http://kb.sony-europe.com/KB/Solutions/EN/V00000_V00499/v00244.html | |
| Advisory URL (Japan): | http://vcl.vaio.sony.co.jp/notices/security/info196.html | |
| Advisory URL (USA): | http://esupport.sony.com/perl/swu-download.pl?upd_id=2194&SMB=YES (Version 2.2) | |
| | http://esupport.sony.com/perl/swu-download.pl?upd_id=2193&SMB=YES (Version 1.4) | |
| | http://esupport.sony.com/perl/swu-download.pl?upd_id=2192&SMB=YES (Version 1.2) | |
| Advisory URL (Asia): | http://www.css.ap.sony.com/VAIO/Website/General/ImportantNotices.aspx?file=/vaio/importantnotice/security_notice/SecurityNotice_SSMS.htm | |
A remotely exploitable buffer overflow vulnerability exists in the project file (.smp file) import functionality of Sony's SonicStage Mastering Studio software. It is possible to make the SonicStage Mastering Studio software execute arbitrary code in the context of the current user.
The following versions are affected by this vulnerability:
SonicStage Mastering Studio 1.1.00, 1.2.00, 1.2.01, 1.2.02, 1.3.00, 1.4.00,
1.4.01, 1.4.02, 1.4.03, 2.0.00, 2.1.00, 2.1.01, 2.2.01
| 11-04-2006 - | Initial Pentest Limited Notification to Sony, without response |
| 13-04-2006 - | Vulnerabilities reported to JPCERT/CC |
| 04-05-2006 - | Response from JPCERT/CC, indicating that Sony have confirmed the existence of the vulnerabilities |
| 26-06-2006 - | Sony begin distribution of patches to Japan, Asia, USA and Europe Locales |
Official fixes to the issues covered by this security advisory have been released. To implement the fix, install the relevant update for the version of SonicStage Mastering Studio in use by visiting the advisory URLs referenced above.
As a workaround prior to updating the SonicStage Mastering Studio software, project files from an untrusted source should not be imported.
These vulnerabilities were discovered by Joe Moore from Pentest Limited.