Multiple Applications Media File Handling Denial of Service Vulnerability
BID:21612
Info
Multiple Applications Media File Handling Denial of Service Vulnerability
| Bugtraq ID: | 21612 |
| Class: | Failure to Handle Exceptional Conditions |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 15 2006 12:00AM |
| Updated: | Jan 25 2007 04:33PM |
| Credit: | shinnai is credited with the discovery of this vulnerability. |
| Vulnerable: |
NullSoft Winamp 5.0 91 NullSoft Winamp 5.0 9 NullSoft Winamp 5.0 8c NullSoft Winamp 5.0 8 NullSoft Winamp 5.0 7 NullSoft Winamp 5.0 6 NullSoft Winamp 5.0 5 NullSoft Winamp 5.0 4 NullSoft Winamp 5.0 3a NullSoft Winamp 5.0 3 NullSoft Winamp 5.0 2 NullSoft Winamp 5.0 1 NullSoft Winamp 5.31 NullSoft Winamp 5.3 NullSoft Winamp 5.24 NullSoft Winamp 5.22 NullSoft Winamp 5.21 NullSoft Winamp 5.2 NullSoft Winamp 5.13 NullSoft Winamp 5.12 NullSoft Winamp 5.11 NullSoft Winamp 5.094 Microsoft Windows XP Tablet PC Edition SP2 Microsoft Windows XP Professional SP2 Microsoft Windows XP Media Center Edition SP2 Microsoft Windows XP Home SP2 Microsoft Windows Media Player 6.4 Microsoft Windows Media Player 10.0 Microsoft Windows Explorer 0 Microsoft Windows 2000 Server SP4 Microsoft Windows 2000 Professional SP4 Microsoft Windows 2000 Datacenter Server SP4 Microsoft Windows 2000 Advanced Server SP4 |
| Not Vulnerable: | |
Discussion
Multiple Applications Media File Handling Denial of Service Vulnerability
Multiple applications are prone to a denial-of-service vulnerability.
A remote attacker may exploit this vulnerability by presenting malicious 'WMV', 'MID', and 'AVI' files to a victim user. When an affected application processes this image, the application crashes, effectively denying service.
It is not known at this time if this issue can be leveraged to execute arbitrary code; this BID will be updated as further information becomes available.
Multiple applications are prone to a denial-of-service vulnerability.
A remote attacker may exploit this vulnerability by presenting malicious 'WMV', 'MID', and 'AVI' files to a victim user. When an affected application processes this image, the application crashes, effectively denying service.
It is not known at this time if this issue can be leveraged to execute arbitrary code; this BID will be updated as further information becomes available.
Exploit / POC
Multiple Applications Media File Handling Denial of Service Vulnerability
The following exploits are available:
The following exploits are available:
Solution / Fix
Multiple Applications Media File Handling Denial of Service Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: mailto:[email protected].
References
Multiple Applications Media File Handling Denial of Service Vulnerability
References:
References:
- Windows Media Player Homepage (Microsoft)
- Windows XP Homepage (Microsoft)
- Windows Explorer WMV File Denial Of Service Vulnerability ([email protected])
- RE: Windows Explorer WMV File Denial Of Service Vulnerability (Ulises Cuñé
- Windows Media MID File Denial Of Service Vulnerability ([email protected])