Sony today announced the release of a security update program to address potential security vulnerability resulting from a buffer overflow in some versions of SonicStageCP® music management software, announced on November 7, 2007. SonicStage® users are requested to download the security update program in accordance with the following procedures.
Version of SonicStage® subjected to security update
SonicStage® CP (SonicStage® Versions 4.0/4.1/4.2/4.3)
*Upgraded SonicStage® versions are also subjected to this security update.
Description of update
This security update program fixes a potential buffer overflow when importing certain malicious play list (m3u) files that could cause the above listed versions of SonicStage® to crash and execute an arbitrary code.
Sony gives credit to Secunia for discovering and reporting this issue.
Please access the links below to download the security update programs for the respective products.
*CVE (Common Vulnerabilities and Exposures) is a vulnerabilities issue list identification number.