CoolPlayer Multiple Buffer Overflow Vulnerabilities
BID:21396
Info
| Bugtraq ID: | 21396 |
| Class: | Boundary Condition Error |
| CVE: | CVE-2006-6288 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 01 2006 12:00AM |
| Updated: | Feb 11 2008 09:46PM |
| Credit: | Mehdi Oudad and Kevin Fernandez discovered these vulnerabilities. |
| Vulnerable: | Total Player Total Player 3.0; CoolPlayer CoolPlayer 217; CoolPlayer CoolPlayer 215 |
| Not Vulnerable: | CoolPlayer CoolPlayer 216 |
Discussion
CoolPlayer is prone to multiple buffer-overflow vulnerabilities because the application fails to check the size of the data before copying it into a finite-sized internal memory buffer.
An attacker can exploit these issues to execute arbitrary code within the context of the application or to cause a denial-of-service condition.
CoolPlayer 215 and prior versions are vulnerable to this issue; other versions may also be affected.
UPDATE (December 27, 2007): Reports indicate that CoolPlayer 217 is still vulnerable to this issue. Since the vendor released CoolPlayer 216 to address the issue, the fix may have been inadequate or CoolPlayer 217 may have reintroduced the issue. However, this has not been confirmed. We will update this BID as more information emerges.
Exploit / POC
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following exploit code is available:
Solution / Fix
Solution:
The vendor has released CoolPlayer 216 to address these issues; please see the references for details.
CoolPlayer CoolPlayer 215
- CoolPlayer CoolPlayer216_Bin.zip: http://downloads.sourceforge.net/coolplayer/CoolPlayer216_Bin.zip
References
References:
- CoolPlayer Web Site (CoolPlayer)
- Re: TotalPlayer 3.0 .m3u crash (Luigi Auriemma)
- TotalPlayer 3.0 .m3u crash (Luigi Auriemma)