CrystalPlayer Playlist File Buffer Overflow Vulnerability
BID:25083
Info
CrystalPlayer Playlist File Buffer Overflow Vulnerability
| Bugtraq ID: | 25083 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2007-4032 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 26 2007 12:00AM |
| Updated: | May 07 2015 05:36PM |
| Credit: | Timq is credited with the discovery of this vulnerability. |
| Vulnerable: |
Crystal Player Crystal Player 1.98 |
| Not Vulnerable: | |
Discussion
CrystalPlayer Playlist File Buffer Overflow Vulnerability
CrystalPlayer is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with the privileges of the application. Successfully exploiting this issue will result in a compromise of affected computers. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects CrystalPlayer 1.98; other versions may also be vulnerable.
CrystalPlayer is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker can exploit this issue to execute arbitrary code with the privileges of the application. Successfully exploiting this issue will result in a compromise of affected computers. Failed exploit attempts will likely result in denial-of-service conditions.
This issue affects CrystalPlayer 1.98; other versions may also be vulnerable.
Exploit / POC
CrystalPlayer Playlist File Buffer Overflow Vulnerability
A sample exploit has been provided:
A sample exploit has been provided:
Solution / Fix
CrystalPlayer Playlist File Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
CrystalPlayer Playlist File Buffer Overflow Vulnerability
References:
References:
- Crystal Player Web Site (Crystal Player)