MPlayer Multiple Integer Overflow Vulnerabilities
BID:17295
Info
MPlayer Multiple Integer Overflow Vulnerabilities
| Bugtraq ID: | 17295 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-1502 |
| Remote: | Yes |
| Local: | No |
| Published: | Mar 29 2006 12:00AM |
| Updated: | Dec 07 2006 03:44AM |
| Credit: | Discovery is credited to XFOCUS Security Team <[email protected]>. |
| Vulnerable: |
MPlayer MPlayer 1.0.20060329 Mandriva Linux Mandrake 2006.0 x86_64 Mandriva Linux Mandrake 2006.0 MandrakeSoft Corporate Server 3.0 x86_64 MandrakeSoft Corporate Server 3.0 Gentoo Linux |
| Not Vulnerable: | |
Discussion
MPlayer Multiple Integer Overflow Vulnerabilities
MPlayer is susceptible to two integer-overflow vulnerabilities. An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may help the attacker gain unauthorized access or escalate privileges.
MPlayer version 1.0.20060329 is affected by these issues; other versions may also be affected.
MPlayer is susceptible to two integer-overflow vulnerabilities. An attacker may exploit these issues to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may help the attacker gain unauthorized access or escalate privileges.
MPlayer version 1.0.20060329 is affected by these issues; other versions may also be affected.
Exploit / POC
MPlayer Multiple Integer Overflow Vulnerabilities
Symantec is currently aware that exploits have been developed to leverage some or all of these issues. The exploits are not known to be publicly available at this time.
Symantec is currently aware that exploits have been developed to leverage some or all of these issues. The exploits are not known to be publicly available at this time.
Solution / Fix
MPlayer Multiple Integer Overflow Vulnerabilities
Solution:
Please see the referenced advisories for details on obtaining and applying fixes.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
Solution:
Please see the referenced advisories for details on obtaining and applying fixes.
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected]:[email protected]
References
MPlayer Multiple Integer Overflow Vulnerabilities
References:
References:
- MPlayer Homepage (MPlayer)
- MPlayer News (MPlayer)
- [xfocus-SD-060329]MPlayer: Multiple integer overflows (XFOCUS Security Team