iTinySoft Studio Total Video Player M3U Playlist Buffer Overflow Vulnerability
BID:22553
Info
iTinySoft Studio Total Video Player M3U Playlist Buffer Overflow Vulnerability
| Bugtraq ID: | 22553 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-0949 |
| Remote: | Yes |
| Local: | No |
| Published: | Feb 14 2007 12:00AM |
| Updated: | May 12 2015 07:34PM |
| Credit: | Parvez Anwar is credited with the discovery of this vulnerability. |
| Vulnerable: |
iTinySoft Studio Total Video Player 1.3.7 iTinySoft Studio Total Video Player 1.20 iTinySoft Studio Total Video Player 1.03 |
| Not Vulnerable: | |
Discussion
iTinySoft Studio Total Video Player M3U Playlist Buffer Overflow Vulnerability
Total Video Player is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer.
Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.
This issue affects Total Video Player 1.03; other versions may also be vulnerable.
UPDATE (February 7, 2008): Total Video Player 1.20 is also affected.
UPDATE (January 27, 2009): Total Video Player 1.3.7 is also affected.
Total Video Player is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer.
Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.
This issue affects Total Video Player 1.03; other versions may also be vulnerable.
UPDATE (February 7, 2008): Total Video Player 1.20 is also affected.
UPDATE (January 27, 2009): Total Video Player 1.3.7 is also affected.
Exploit / POC
iTinySoft Studio Total Video Player M3U Playlist Buffer Overflow Vulnerability
The following exploit code is available:
The following exploit code is available:
Solution / Fix
iTinySoft Studio Total Video Player M3U Playlist Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any solutions for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any solutions for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
iTinySoft Studio Total Video Player M3U Playlist Buffer Overflow Vulnerability
References:
References: