gkweb
join:2003-06-09
76800
| Media Player Classic AVI File Processing Buffer Overflow
quote:
TITLE:
Media Player Classic AVI File Processing Buffer Overflow
SECUNIA ADVISORY ID:
SA26806
VERIFY ADVISORY:
»secunia.com/advisories/26806/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
>From remote
SOFTWARE:
Media Player Classic 6.x
»secunia.com/product/14824/
DESCRIPTION:
Code Audit Labs has discovered a vulnerability in Media Player
Classic, which can be exploited by malicious people to compromise a
vulnerable system.
The vulnerability is caused due to an input validation error when
processing .AVI files and can be exploited to cause a buffer overflow
via a .AVI file with a specially crafted "indx" chunk.
Successful exploitation allows execution of arbitrary code.
The vulnerability is confirmed in version 6.4.9.0. Other versions may
also be affected.
SOLUTION:
Do not open untrusted .AVI files.
PROVIDED AND/OR DISCOVERED BY:
Code Audit Labs
ORIGINAL ADVISORY:
»www.vulnhunt.com/advisories/CAL-···ties.txt
AVI files are very common, and there is no fix for now.
Regards,
gkweb.
--
Firewall tester : »www.firewallleaktester.com
*member of ASAP : Alliance of Security Analysis Professionals* |
|
jansson_mark
Markus Jansson
Premium
join:2001-08-05
Finland
| Again MPC vulnerability, and they havent even bothered to answer to my previous post on sourceforge about their last vulnerability. I guess its time to say byebye to MPC too...
--
My computer security & privacy related homepage »www.markusjansson.net
Use HushTools or GnuPG/PGP to encrypt any email before sending it to me to protect our privacy. |
|
gkweb
join:2003-06-09
76800
| Right now, it seems that even Microsoft Windows Media Player 11.x is more secure :
»secunia.com/product/11280/?task=advisories
1 advisory, 0 unpacthed.
Kind of surprising.
Regards,
gkweb.
--
Firewall tester : »www.firewallleaktester.com
*member of ASAP : Alliance of Security Analysis Professionals* |
|
