Description
Multiple off-by-one errors in NMMediaServerService.dll in Nero MediaHome 4.5.8.0 and earlier allow remote attackers to cause a denial of service (crash) via a long string in the (1) request line or (2) HTTP Referer header to TCP port 54444, which triggers a heap-based buffer overflow.
Exploits (1)
exploitdb
WORKING POC
by High-Tech Bridge SA · textdoswindows
https://www.exploit-db.com/exploits/24022
References (7)
Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/81103
Exploit vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/57253
Third Party Advisory mailing-list
x_refsource_bugtraq
http://archives.neohapsis.com/archives/bugtraq/2013-01/0037.html
Exploit exploit
x_refsource_exploit-db
http://www.exploit-db.com/exploits/24022
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/89150
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/89149
Vendor Advisory x_refsource_misc
https://www.htbridge.com/advisory/HTB23130
Scores
EPSS
0.2069
EPSS Percentile
95.6%
Details
CWE
CWE-189
Status
published
Products (1)
nero/mediahome
< 4.5.8.0
Published
May 30, 2014
Tracked Since
Feb 18, 2026