CVE-2013-3259 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 allows remote attackers to execute arbitrary code via a large biClrUsed value in a BMP file.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Inmatrix	Zoom Player

Configuration 1 [-]

OR	cpe:2.3:a:inmatrix:zoom_player::::::::
	cpe:2.3:a:inmatrix:zoom_player:8.00:::::::*
	cpe:2.3:a:inmatrix:zoom_player:8.1.1:::::::*
	cpe:2.3:a:inmatrix:zoom_player:8.1.5:::::::*
	cpe:2.3:a:inmatrix:zoom_player:8.1.6:::::::*
	cpe:2.3:a:inmatrix:zoom_player:8.5:::::::*
	cpe:2.3:a:inmatrix:zoom_player:8.6:::::::*
	cpe:2.3:a:inmatrix:zoom_player:8.10:::::::*

No data.

References

Link	Providers
http://osvdb.org/94037
http://secunia.com/advisories/52698
http://www.securityfocus.com/bid/60418
https://exchange.xforce.ibmcloud.com/vulnerabilities/84835

History

No history.

MITRE

Status: PUBLISHED

Assigner: flexera

Published: 2014-03-03T16:00:00

Updated: 2024-08-06T16:07:36.650Z

Reserved: 2013-04-22T00:00:00

Link: CVE-2013-3259

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2014-03-03T16:55:03.773

Modified: 2025-04-12T10:46:40.837

Link: CVE-2013-3259

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2013-06-07T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 allows remote attackers to execute arbitrary code via a large biClrUsed value in a BMP file."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-28T12:57:01", "orgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "shortName": "flexera"}, "references": [{"name": "60418", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/60418"}, {"name": "52698", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/52698"}, {"name": "zoomplayer-cve20133259-bmp-bo(84835)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84835"}, {"name": "94037", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://osvdb.org/94037"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "PSIRT-CNA@flexerasoftware.com", "ID": "CVE-2013-3259", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 allows remote attackers to execute arbitrary code via a large biClrUsed value in a BMP file."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "60418", "refsource": "BID", "url": "http://www.securityfocus.com/bid/60418"}, {"name": "52698", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/52698"}, {"name": "zoomplayer-cve20133259-bmp-bo(84835)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84835"}, {"name": "94037", "refsource": "OSVDB", "url": "http://osvdb.org/94037"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-06T16:07:36.650Z"}, "title": "CVE Program Container", "references": [{"name": "60418", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/60418"}, {"name": "52698", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/52698"}, {"name": "zoomplayer-cve20133259-bmp-bo(84835)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84835"}, {"name": "94037", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://osvdb.org/94037"}]}]}, "cveMetadata": {"assignerOrgId": "44d08088-2bea-4760-83a6-1e9be26b15ab", "assignerShortName": "flexera", "cveId": "CVE-2013-3259", "datePublished": "2014-03-03T16:00:00", "dateReserved": "2013-04-22T00:00:00", "dateUpdated": "2024-08-06T16:07:36.650Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:inmatrix:zoom_player:*:*:*:*:*:*:*:*", "matchCriteriaId": "685323F8-E7B2-4B7C-B036-02C3C4CD5B37", "versionEndIncluding": "8.6.1", "vulnerable": true}, {"criteria": "cpe:2.3:a:inmatrix:zoom_player:8.00:*:*:*:*:*:*:*", "matchCriteriaId": "818A714F-D2D8-4F3F-AF5F-5939C3B3BA1C", "vulnerable": true}, {"criteria": "cpe:2.3:a:inmatrix:zoom_player:8.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "8CA87325-3920-4761-A3E2-A5E1A93490DE", "vulnerable": true}, {"criteria": "cpe:2.3:a:inmatrix:zoom_player:8.1.5:*:*:*:*:*:*:*", "matchCriteriaId": "333C7306-AD91-4594-8406-C22AB6A0EA83", "vulnerable": true}, {"criteria": "cpe:2.3:a:inmatrix:zoom_player:8.1.6:*:*:*:*:*:*:*", "matchCriteriaId": "2AB1D0D3-05E1-43C8-B611-6C01D193E57F", "vulnerable": true}, {"criteria": "cpe:2.3:a:inmatrix:zoom_player:8.5:*:*:*:*:*:*:*", "matchCriteriaId": "A2435104-86EA-42F0-B0A1-52F6C4843006", "vulnerable": true}, {"criteria": "cpe:2.3:a:inmatrix:zoom_player:8.6:*:*:*:*:*:*:*", "matchCriteriaId": "39C9BF54-8EAE-40CA-A814-6AF66FB98020", "vulnerable": true}, {"criteria": "cpe:2.3:a:inmatrix:zoom_player:8.10:*:*:*:*:*:*:*", "matchCriteriaId": "221AE60F-31CE-42FF-AC92-9D8665DE136B", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in INMATRIX Zoom Player before 8.7 beta 11 allows remote attackers to execute arbitrary code via a large biClrUsed value in a BMP file."}, {"lang": "es", "value": "Desbordamiento de buffer basado en pila en INMATRIX Zoom Player anterior a 8.7 beta 11 permite a atacantes remotos ejecutar c\u00f3digo arbitrario a trav\u00e9s de un valor biClrUsed grande en un archivo BMP."}], "id": "CVE-2013-3259", "lastModified": "2025-04-12T10:46:40.837", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2014-03-03T16:55:03.773", "references": [{"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://osvdb.org/94037"}, {"source": "PSIRT-CNA@flexerasoftware.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52698"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "http://www.securityfocus.com/bid/60418"}, {"source": "PSIRT-CNA@flexerasoftware.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84835"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://osvdb.org/94037"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/52698"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/60418"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/84835"}], "sourceIdentifier": "PSIRT-CNA@flexerasoftware.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}