jansson_mark
Markus Jansson
Premium Member
join:2001-08-05
Finland

Media Player Classic vulnerability

I thought that MPC was pretty robust and secure. I always prefer it over WMP or even VideoLAN. Well, this is just one hole...
quote:
»secunia.com/advisories/26591/
Media Player Classic FLI File Processing Buffer Overflow
Secunia Advisory: SA26591
Release Date: 2007-08-24
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Media Player Classic 6.x

However, I wonder when (if ever?!?) it will be patched? The files haven't been updated since early 2006, so... maybe there hasn't been any need to? I already posted this on the SourceForge page.

AB57
Premium Member
join:2006-04-04
equatorial

I've been trying to make head or tail out of this . . . .

I'm not sure I've ever had an .fli file opened on my computer in my lifetime. Or maybe I do all the time and just don't realize it?
I certainly don't use Autodesk, and this is also closely tied to Quicktime, it would appear, which I rarely use-- and also possibly only an Apple vulnerability and not Windows? (That would be tough to believe, however.)
I have no file association for .fli in my 'File Types' list on my machine either, which again leads me to believe it doesn't get used.

Is this then an actual real-world vulnerability or merely a theoretical vulnerability, would be my question.
Smells a bit like Chicken Little, but maybe I'm wrong.

ElJay
join:2004-03-17
Portland, ME

Member

to jansson_mark
I don't think I've seen a FLI animation in at least 10 years. I have a few sitting on floppies around here somewhere.

jansson_mark
Markus Jansson
Premium Member
join:2001-08-05
Finland

jansson_mark

Premium Member

I'm not sure whether this vulnerability also affects .FLC files... at least I have dozens of those around (downloaded from YouTube, Google Video, etc.).

Doctor Four
My other vehicle is a TARDIS
Premium Member
join:2000-09-05
Dallas, TX

to jansson_mark
I wonder if it also affects FLV video. There's a spam going around lately that uses a JavaScript exploit to get a virus on the viewer's computer:
»[Spam] New Youtube variant of virus

I don't use MPC for FLI files, only for OGMs, MKVs and a
few DVD VOBs here and there. And all of those I've gotten
from known safe sources.

AB57
Premium Member
join:2006-04-04
equatorial

to jansson_mark
said by jansson_mark:

I'm not sure whether this vulnerability also affects .FLC files... at least I have dozens of those around (downloaded from YouTube, Google Video, etc.).

Doesn't say a word about .flc files in your link-- it specifically mentions .fli files only:

". . The vulnerability is caused due to a boundary error when processing .FLI files and can be exploited to cause a buffer overflow when a user e.g. is tricked into opening a malicious FLI file. . . .

Solution:
Do not open untrusted .FLI files."

Woody79_00
I run Linux am I still a PC?
Premium Member
join:2004-07-08
united state

A second Solution

If you have a processor that supports hardware-based DEP (i.e. Intel's Execute Disable Bit™ or AMD's Advanced Virus Protection™), why not enable DEP for all programs and have "no exceptions" in the list... this would stop this at the "hardware level".

Just a thought.

I haven't seen an fli file in years... I don't even have the extension listed and one has never been used on this machine.

ssj4android
Redefining Reality
join:2002-04-14
Wyoming, MI

Member

to jansson_mark
I did have .fli files associated with MPC. This doesn't affect other DirectShow players (i.e. Windows Media Player)?

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro

to jansson_mark
Actually Windows Media Player 6.4.x does not directly support FLI animation files as shown in the screen captures below.

This reported vulnerability is therefore not a Windows Media Player 6.4.x vulnerability, but a vulnerability in some non-specified (and probably non-Microsoft) codec.

Vamp
5c077
Premium Member
join:2003-01-28
MD

MPC doesn't really support anything by itself, it is codec based and is a replacement for the current WMP (which is the biggest POS MS has ever made, next to IE).

Despite this, I am still willing to bet that WMP is a bigger security risk.

NetFixer
From My Cold Dead Hands
Premium Member
join:2004-06-24
The Boro

My bad. I did not follow the link to the supplier's web site to see that this was not referring to the classic MS product. I just noticed the 6.4.9 version number which coincided with the older non-DRM laden version of the Windows Media Player.

caffeinator
Coming soon to a cup near you..
Premium Member
join:2005-01-16
00000

to jansson_mark
hmm, think the last time I even saw a .fli was when I used Autodesk Animator 1.0 in DOS...that was a tuff POS to work with I tell ya. ;p

-CaFF