DivX Player Skin File Directory Traversal Vulnerability
BID:12332
Info
| Bugtraq ID: | 12332 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 21 2005 12:00AM |
| Updated: | Jan 21 2005 12:00AM |
| Credit: | Discovery of this vulnerability is credited to Luigi Auriemma. |
| Vulnerable: | DivX Inc. DivX Player 2.6 |
| Not Vulnerable: | |
Discussion
DivX Player is reported to be prone to a directory traversal vulnerability. The issue presents itself when DPS ('.dps') archive files are processed.
Ultimately, an attacker may exploit this issue to save a script or executable file in an arbitrary location. This may lead to the execution of malicious code when the affected system is restarted. Alternatively, the attacker may overwrite a target file with the privileges of the user who is installing a malicious skin file.
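The following Python check is an added example, not code from the advisory or from DivX Inc. It shows how an extractor or a pre-install audit can refuse archive entries whose names would land outside the skin directory, judging names by Windows path rules. Assumptions: the container is readable as ZIP, and the function names and sample entry names are constructed for illustration.

```python
import io
import zipfile
from pathlib import PureWindowsPath


def entry_is_safe(name: str) -> bool:
    """True only if an archive entry name cannot leave the extraction directory."""
    if not name or "\x00" in name:
        return False
    # Parse with Windows rules: both "/" and "\" separate components there.
    path = PureWindowsPath(name)
    # Drive letters ("C:\x", "C:x"), UNC shares and rooted paths are all absolute.
    if path.drive or path.root:
        return False
    # Reject "..", and dot/space-only components such as ".. ", because Win32
    # path normalization can trim trailing dots and spaces.
    return all(part.rstrip(" .") for part in path.parts)


def unsafe_entries(archive_bytes: bytes) -> list[str]:
    """List entries to refuse. Assumption: the container is readable as ZIP."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return [n for n in zf.namelist() if not entry_is_safe(n)]


def build_sample() -> bytes:
    """Constructed sample archive with harmless, empty members."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in ("skin/main.bmp", "skin/buttons/play.bmp",
                     "..\\..\\outside\\demo.bat", "../../outside/demo.txt",
                     "C:/outside/demo.ini"):
            zf.writestr(name, b"")
    return buf.getvalue()


if __name__ == "__main__":
    for name in unsafe_entries(build_sample()):
        print("refuse:", name)
```

An archive with any refused entry should be rejected as a whole rather than partially extracted.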
Exploit / POC
No exploit is required. However, the following proof of concept is available:
Solution / Fix
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected].
References
References:
- arbitrary files overwriting through skins (Luigi Auriemma)
- DivX Player Homepage (DivX Inc.)