jansson_mark Markus Jansson Premium Member join:2001-08-05 Finland 2 edits |
Media Player Classic vulnerability
I thought that MPC was pretty robust and secure. I always prefer it over WMP or even VideoLAN. Well, this is just one hole...
quote:
»secunia.com/advisories/26591/
Media Player Classic FLI File Processing Buffer Overflow
Secunia Advisory: SA26591
Release Date: 2007-08-24
Critical: Highly critical
Impact: System access
Where: From remote
Solution Status: Unpatched
Software: Media Player Classic 6.x
However, I wonder when (if ever?!?) it will be patched? The files haven't been updated since early 2006 so... maybe there hasn't been any need for it? I already posted this on the SourceForge page. |
|
AB57 Premium Member join:2006-04-04 equatorial |
AB57
Premium Member
2007-Aug-25 8:22 pm
I've been trying to make head or tail out of this . . . .
I'm not sure I've ever had an .fli file opened on my computer in my lifetime. Or maybe I do all the time and just don't realize it? I certainly don't use Autodesk, and this is also closely tied to Quicktime, it would appear, which I rarely use-- and also possibly only an Apple vulnerability and not Windows? (That would be tough to believe, however.) I have no file association for .fli in my 'File Types' list on my machine either, which again leads me to believe it doesn't get used.
Is this then an actual real-world vulnerability or merely a theoretical vulnerability, would be my question. Smells a bit like Chicken Little, but maybe I'm wrong. |
|
ElJay join:2004-03-17 Portland, ME |
to jansson_mark
I don't think I've seen a FLI animation in at least 10 years. I have a few sitting on floppies around here somewhere. |
|
jansson_mark Markus Jansson Premium Member join:2001-08-05 Finland |
I'm not sure whether this vulnerability also affects .FLC files... at least I have dozens of those around (downloaded from youtube, google video, etc.). |
|
Doctor Four My other vehicle is a TARDIS Premium Member join:2000-09-05 Dallas, TX |
to jansson_mark
I wonder if it also affects FLV video. There's a spam going around lately that uses a javascript exploit to get a virus on the viewer's computer:
» [Spam] New Youtube variant of virus
I don't use MPC for FLI files, only for OGMs, MKVs and a few DVD VOBs here and there. And all of those I've gotten from known safe sources. |
|
|
AB57 Premium Member join:2006-04-04 equatorial |
to jansson_mark
said by jansson_mark:
I'm not sure whether this vulnerability also affects .FLC files... at least I have dozens of those around (downloaded from youtube, google video, etc.).
Doesn't say a word about .flc files in your link-- it specifically mentions .fli files only:
". . The vulnerability is caused due to a boundary error when processing .FLI files and can be exploited to cause a buffer overflow when a user e.g. is tricked into opening a malicious FLI file. . . .
Solution: Do not open untrusted .FLI files." |
|
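Added example, not part of the thread or the Secunia advisory: since the quoted mitigation is to avoid opening untrusted .FLI files, and posters ask about .FLC files and file associations, this Python example identifies FLIC files by header content rather than by extension. The function names are hypothetical and the sample bytes are constructed; it flags header inconsistencies only and does not test for the specific malformed condition, which the advisory does not describe.

```python
import struct

# Constructed example: identify Autodesk FLIC animations by header content.
# The 16-bit type word at offset 4 (little-endian) is 0xAF11 for FLI, 0xAF12 for FLC.
FLIC_TYPES = {0xAF11: "FLI", 0xAF12: "FLC"}
HEADER_LEN = 128                      # fixed FLIC file header size
FIELDS = struct.Struct("<IHHHHH")     # size, type, frames, width, height, depth


def inspect_flic(data, name=""):
    """Return None for non-FLIC data, else header fields plus triage notes."""
    if len(data) < FIELDS.size:
        return None
    size, ftype, frames, width, height, depth = FIELDS.unpack_from(data, 0)
    kind = FLIC_TYPES.get(ftype)
    if kind is None:
        return None
    notes = []
    if len(data) < HEADER_LEN:
        notes.append("truncated header")
    if size != len(data):
        notes.append("declared size %d != actual %d" % (size, len(data)))
    if width == 0 or height == 0:
        notes.append("zero dimension")
    if kind == "FLI" and (width, height) != (320, 200):
        notes.append("FLI is normally 320x200")
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if ext not in ("fli", "flc"):
        notes.append("FLIC content under extension %r" % ext)
    return {"kind": kind, "frames": frames, "width": width,
            "height": height, "depth": depth, "notes": notes}


def make_sample(ftype, width, height, declared=None):
    """Build a constructed, header-only sample (no frame data)."""
    size = HEADER_LEN if declared is None else declared
    return FIELDS.pack(size, ftype, 1, width, height, 8).ljust(HEADER_LEN, b"\0")


if __name__ == "__main__":
    samples = [("clip.fli", make_sample(0xAF11, 320, 200)),
               ("movie.avi", make_sample(0xAF12, 640, 480)),
               ("odd.fli", make_sample(0xAF11, 320, 200, declared=0xFFFFFFFF)),
               ("notes.fli", b"plain text, not an animation".ljust(64, b" "))]
    for name, blob in samples:
        print(name, inspect_flic(blob, name))
```

Content-based identification matters here because a player may pick its parser from the file's contents, so a renamed FLI or FLC file can still reach the same code path.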
Woody79_00 I run Linux am I still a PC? Premium Member join:2004-07-08 united state |
A second Solution
If you have a processor that supports hardware-based DEP (i.e. Intel's Execute Disable Bit or AMD's Advanced Virus Protection), why not enable DEP for all programs and have "no exceptions" in the list... this would stop this at the "hardware level". Just a thought. I haven't seen an fli file in years... I don't even have the extension listed and one has never been used on this machine. |
|
ssj4android Redefining Reality join:2002-04-14 Wyoming, MI |
to jansson_mark
I did have .fli files associated with MPC. This doesn't affect other DirectShow players (i.e. Windows Media Player)? |
|
NetFixer From My Cold Dead Hands Premium Member join:2004-06-24 The Boro Netgear CM500 Pace 5268AC TRENDnet TEW-829DRU
|
to jansson_mark
Actually Windows Media Player 6.4.x does not directly support FLI animation files as shown in the screen captures below.
This reported vulnerability is therefore not a Windows Media Player 6.4.x vulnerability, but a vulnerability in some non-specified (and probably non-Microsoft) codec.
|
|
Vamp5c077 Premium Member join:2003-01-28 MD |
Vamp
Premium Member
2007-Aug-27 9:23 pm
MPC doesn't really support anything by itself, it is codec based and is a replacement for the current WMP (which is the biggest POS MS has ever made, next to IE). Despite this, I am still willing to bet that WMP is a bigger security risk. |
|
NetFixer From My Cold Dead Hands Premium Member join:2004-06-24 The Boro Netgear CM500 Pace 5268AC TRENDnet TEW-829DRU
|
NetFixer
Premium Member
2007-Aug-27 9:36 pm
My bad. I did not follow the link to the supplier's web site to see that this was not referring to the classic MS product. I just noticed the 6.4.9 version number which coincided with the older non-DRM laden version of the Windows Media Player. |
|
caffeinator Coming soon to a cup near you.. Premium Member join:2005-01-16 00000 |
to jansson_mark
Hmm, think the last time I even saw a .fli was when I used Autodesk Animator 1.0 in DOS... that was a tough POS to work with, I tell ya. ;p
-CaFF |
|