The jetAudio Flaws You Need To Read About

There is one thing that many people can't live without and it is not air or water. It is something that penetrates not only the mind but also the soul. Can you guess what I am talking about? I am talking about music, it is something some people can't seem to go a day without. Modern technology, computers and the wonderful audio world of music have come together and released some wonderful products which contain top of the range features. A company called COWON America has done just that and has released some fantastic products. The unfortunate thing pertaining to these wonderful products is that one specific product called jetAudio was found to have a vulnerability.

JetAudio 7 is the latest released version from the jetAudio product range. This includes a device manager, tag and image editing, as well as convenient tag editing. The features I have described are just some features that set this version apart from previous ones. It also includes powerful audio and video play as well as a conversion feature. JetAudio works with Windows operating systems; this includes Windows Vista that contains these files: actionqueue.dll, apds.dll and diager.dll.

Unfortunately the vulnerability that Jet audio is prone to is a remote buffer overflow vulnerability. This is due to the factor that the application isn't actually able to check the user supplied data efficiently, prior to copying it an incorrectly sized buffer. This occurs while the processing of the M3U files is taking place. For those of you who may be uncertain, the M3U file is an ordinary text file format that contains the specific locations of one or more media files that the media player can play. One of the popular uses for the M3U file format is to create specific playlist files.

The bad news is that if online attackers can successfully exploit this vulnerability in an affected system, execution of arbitrary code could take place. This presents affected jetAudio users with a dangerous problem that it is best to avoid at all costs.

You are probably wondering which versions of jetAudio have been affected by this vulnerability? The specific versions that are affected include version 7.0.3 and jetAudio Plus version 7.1.9.4030. It is vital for users to know that older versions are also at risk of being affected. Sadly, I am unaware of any available solutions at this current point in time.

I would like to leave you with this quote in conclusion:"The simple fact is that without supporting directives or a mechanism for feedback, security is defined differently by each person and verified by no one. There is no metric for compliance with a "culture", and a "culture of security" is overridden by a culture of "get the job done" every time. If there are rules, write them down. If technology is put in place to implement or monitor the rules, write that down too. If people break the rules, follow up. If the rules prevent legitimate business from getting done, change them. It's that simple."-Wikiquotes