Nostra DivX Player M3U String Buffer Overflow Vulnerability
BID:21480
Info
Nostra DivX Player M3U String Buffer Overflow Vulnerability
| Bugtraq ID: | 21480 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-6444 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 07 2006 12:00AM |
| Updated: | Jul 06 2016 01:33PM |
| Credit: | Parvez Anwar is credited with the discovery of this vulnerability. |
| Vulnerable: |
Nostra Nostra DivX Player 2.2.00.0 Nostra Nostra DivX Player 2.1 |
| Not Vulnerable: | |
Discussion
Nostra DivX Player M3U String Buffer Overflow Vulnerability
Nostra DivX Player is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer.
Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.
This issue affects versions 2.1 and 2.2.00.0; other versions may also be vulnerable.
Nostra DivX Player is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer.
Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.
This issue affects versions 2.1 and 2.2.00.0; other versions may also be vulnerable.
Exploit / POC
Nostra DivX Player M3U String Buffer Overflow Vulnerability
Attackers may exploit this issue by enticing victims into opening malicious playlist files.
Attackers may exploit this issue by enticing victims into opening malicious playlist files.
Solution / Fix
Nostra DivX Player M3U String Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any solutions for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any solutions for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Nostra DivX Player M3U String Buffer Overflow Vulnerability
References:
References:
- Nostra DivX Player Homepage (Nostra)