Roxio Creator 9.x <= 9.0.136 Image Handling Integer Overflow

High Nessus Plugin ID 70144


The remote Windows host has an application that is affected by an integer overflow vulnerability.


According to its version, the Roxio Creator install on the remote host is 9.x earlier than or equal to 9.0.136. It is, therefore, affected by an integer overflow vulnerability related to image handling that could allow arbitrary code execution.


Upgrade to Roxio Creator 2010 SP1 or later.

See Also

Plugin Details

Severity: High

ID: 70144

File Name: roxio_creator_img_overflow.nasl

Version: $Revision: 1.3 $

Type: local

Agent: windows

Family: Windows

Published: 2013/09/26

Modified: 2016/11/02

Dependencies: 70143

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

CPE: cpe:/a:roxio:creator, cpe:/a:roxio:easy_media_creator

Required KB Items: SMB/Registry/Enumerated, SMB/roxio_creator/Installed

Exploit Available: false

Exploit Ease: No known exploits are available

Patch Publication Date: 2009/10/26

Vulnerability Publication Date: 2009/12/02

Reference Information

CVE: CVE-2009-1566

BID: 37183

OSVDB: 60585

Secunia: 36069

IAVA: 2009-A-0133

CWE: 189