VUPlayer M3U UNC Name Buffer Overflow Vulnerability
BID:21363
Info
VUPlayer M3U UNC Name Buffer Overflow Vulnerability
| Bugtraq ID: | 21363 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-6251 CVE-2009-0182 |
| Remote: | Yes |
| Local: | No |
| Published: | Nov 30 2006 12:00AM |
| Updated: | Jun 08 2010 06:49AM |
| Credit: | Greg Linares and Expanders are credited with the discovery of this vulnerability. |
| Vulnerable: |
VUPlayer VUPlayer 2.49 VUPlayer VUPlayer 2.44 |
| Not Vulnerable: | |
Discussion
VUPlayer M3U UNC Name Buffer Overflow Vulnerability
VUPlayer is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer.
This issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.
This issue affects VUPlayer 2.44 and 2.49; earlier versions may also be vulnerable.
VUPlayer is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer.
This issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.
This issue affects VUPlayer 2.44 and 2.49; earlier versions may also be vulnerable.
Exploit / POC
VUPlayer M3U UNC Name Buffer Overflow Vulnerability
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploits are available:
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploits are available:
- /data/vulnerabilities/exploits/21363-SkD.pl
- /data/vulnerabilities/exploits/21363-storms0uth.c
- /data/vulnerabilities/exploits/21363-6.py
- /data/vulnerabilities/exploits/21363-7.py
- /data/vulnerabilities/exploits/21363.c
- /data/vulnerabilities/exploits/21363.pl
- /data/vulnerabilities/exploits/21363-2.pl
- /data/vulnerabilities/exploits/vuplay_m3u.rb
Solution / Fix
VUPlayer M3U UNC Name Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any solutions for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any solutions for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
VUPlayer M3U UNC Name Buffer Overflow Vulnerability
References:
References: