Nero MediaHome Multiple Remote DoS Vulnerabilities
|Vulnerable Versions:||126.96.36.199 and probably prior|
|Tested Version:||188.8.131.52 in Windows 7 SP1|
|Advisory Publication:||November 21, 2012 [without technical details]|
|Vendor Notification:||November 21, 2012|
|Public Disclosure:||January 9, 2013|
|Latest Update:||January 30, 2013|
|Vulnerability Type:||Off-by-One Error [CWE-193]|
NULL Pointer Dereference [CWE-476]
|CVSSv2 Base Scores:||3.3 (AV:A/AC:L/Au:N/C:N/I:N/A:P)|
|Discovered and Provided:||1) High-Tech Bridge Security Research Lab|
2) Risk Based Security
High-Tech Bridge Security Research Lab has discovered multiple DoS vulnerabilities in Nero Media Home server, which could be exploited by a malicious person to crash the server remotely.
|Vendor last response (January 9, 2013):|
"Nero Media Home 4 is not maintained anymore since 2009/10 so at the moment we do not have the resources to fix this problem very soon."
As a temporary solution it is advised to remove the vulnerable application from your system.
| High-Tech Bridge Advisory HTB23130 - https://www.htbridge.com/advisory/HTB23130 - Nero MediaHome Server Multiple Remote DoS vulnerabilities.|
 Nero - http://www.nero.com - Nero MediaHome server easily distributes music, videos and photos over your network.
 Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures.
 Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types.
Please feel free to send us any additional information related to this Advisory, such as vulnerable versions, additional exploitation details and conditions, patches and other relevant details.