Pentest Security Advisory : PTL-2006-01
Sony SonicStage Mastering Studio Project File Import Buffer Overflow

Advisory Details

Title: Sony SonicStage Mastering Studio Project File Import Buffer Overflow
Announcement date: 16 August 2006
Advisory Reference: ptl-2006-01
VU Number: VU#697761
Products: SonicStage Mastering Studio (Sony)
Vulnerability Type: Buffer Overflow
Vendor-Status: Patch Released
Remotely Exploitable: Yes (User Complicit)
Locally Exploitable: Yes
Advisory URL (Japan):

Vulnerability Description

A remotely exploitable buffer overflow vulnerability exists within the project file (.smp file) import functionality of Sony's SonicStage Mastering Studio software. It is possible to make the SonicStage Mastering Studio software execute arbitrary code in the context of the current user.

Vulnerable Versions

The following versions are affected by this vulnerability:
SonicStage Mastering Studio 1.1.00, 1.2.00, 1.2.01, 1.2.02, 1.3.00, 1.4.00, 1.4.01, 1.4.02, 1.4.03, 2.0.00, 2.1.00, 2.1.01, 2.2.01

Vendor Status

11-04-2006 - Initial Pentest Limited Notification to Sony, without response
13-04-2006 - Vulnerabilities reported to JPCERT/CC
04-05-2006 - Response from JPCERT/CC, indicating that Sony have confirmed the existence of the vulnerabilities
26-06-2006 - Sony begin distribution of patches to Japan, Asia, USA and Europe Locales


Official fixes to the issues covered by this security advisory have been released. To implement the fix, install the relevant update for the version of SonicStage Mastering Studio in use by visiting the advisory URLs referenced above.

As a workaround prior to updating the SonicStage Mastering Studio software, project files from an untrusted source should not be imported.


These vulnerabilities were discovered by Joe Moore from Pentest Limited.
