DivX Player Subtitle Parsing Buffer Overflow Vulnerability
securfrog has discovered a vulnerability in DivX Player, which can potentially be exploited by malicious people to compromise a user's system.

The vulnerability is caused by a boundary error in the processing of subtitles. This can be exploited to cause a stack-based buffer overflow via an overly long subtitle line contained in a malicious SRT file.

Successful exploitation may allow execution of arbitrary code, but requires that the user is tricked into opening a specially crafted SRT file.

The vulnerability is confirmed in DivX Player 6.7 (build 6.7.0.22). Other versions may also be affected.

Solution: Disable the automatic loading of subtitles. Do not open untrusted subtitles.

Provided and/or discovered by: securfrog

Original Advisory: http://milw0rm.com/exploits/5453
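A pre-open check for the "do not open untrusted subtitles" advice, as an added example that is not part of the advisory and is not DivX code: it walks an SRT buffer by length and reports any line longer than a ceiling, without ever copying a line into a fixed-size buffer. The advisory does not state the length that triggers the overflow, so `SRT_MAX_LINE` (1024 bytes) and all function and struct names here are assumptions.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Assumed ceiling: the advisory gives no trigger length. 1024 bytes is a
   hypothetical limit, far above any legitimate subtitle line. */
#define SRT_MAX_LINE 1024

struct srt_scan {
    size_t lines;     /* total lines seen */
    size_t longest;   /* longest line in bytes, excluding CR/LF */
    size_t first_bad; /* 1-based number of first overlong line, 0 if none */
};

/* Scan buf[0..len) line by line. Handles LF and CRLF endings and a final
   line with no terminator. Nothing is copied, so line length is measured
   rather than trusted. */
struct srt_scan srt_scan_buf(const char *buf, size_t len, size_t max_line)
{
    struct srt_scan r = {0, 0, 0};
    size_t start = 0;
    while (start < len) {
        const char *nl = memchr(buf + start, '\n', len - start);
        size_t end = nl ? (size_t)(nl - buf) : len;
        size_t n = end - start;
        if (n > 0 && buf[end - 1] == '\r')
            n--;                      /* strip CR of a CRLF pair */
        r.lines++;
        if (n > r.longest)
            r.longest = n;
        if (n > max_line && r.first_bad == 0)
            r.first_bad = r.lines;
        start = end + 1;
    }
    return r;
}

/* 1 if every line is within SRT_MAX_LINE, 0 if the file should be rejected. */
int srt_is_acceptable(const char *buf, size_t len)
{
    return srt_scan_buf(buf, len, SRT_MAX_LINE).first_bad == 0;
}

int main(void)
{
    /* Constructed sample cue, not taken from any real file. */
    static const char s[] = "1\r\n00:00:01,000 --> 00:00:02,000\r\nHello\r\n\r\n";
    struct srt_scan r = srt_scan_buf(s, sizeof s - 1, SRT_MAX_LINE);
    printf("lines=%zu longest=%zu first_bad=%zu\n", r.lines, r.longest, r.first_bad);
    return 0;
}
```

A rejected file is worth quarantining for review, since `first_bad` gives the line to inspect.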