Denial of Service Vulnerability in Sony PLAYSTATION 3 Web Browser
CVE-2009-2541

7.5HIGH

Key Information:

Vendor

Sony

Status
Playstation 3
Vendor
CVE Published:
20 July 2009

Badges

👾 Exploit Exists🟡 Public PoC

What is CVE-2009-2541?

The Sony PLAYSTATION 3 web browser is susceptible to a denial of service attack that could be triggered by remote attackers. By manipulating the length property of a Select object with a large integer value, attackers can cause significant memory consumption, resulting in the console hanging. This vulnerability is related to a broader issue affecting multiple platforms and underscores the importance of robust web browser security on gaming consoles.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2009-2541 - Proof of Concept

References

http://www.g-sec.lu/one-bug-to-rule-them-all.html
x_refsource_MISC
https://exchange.xforce.ibmcloud.com/vulnerabilities/52875
vdb-entryx_refsource_XF
http://www.securityfocus.com/archive/1/504988/100/0/threaded
mailing-listx_refsource_BUGTRAQ

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • 🟡

    Public PoC available

  • 👾

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.