Media Player Classic FLI File Remote Buffer Overflow Vulnerability
BID:25437
Info
Media Player Classic FLI File Remote Buffer Overflow Vulnerability
| Bugtraq ID: | 25437 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-7222 |
| Remote: | Yes |
| Local: | No |
| Published: | Aug 24 2007 12:00AM |
| Updated: | May 07 2015 05:35PM |
| Credit: | wushi is credited with the discovery of this issue. |
| Vulnerable: | |
| Not Vulnerable: | |
Discussion
Media Player Classic FLI File Remote Buffer Overflow Vulnerability
Media Player Classic is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data.
Attackers may attempt to exploit this issue by coercing users to access malicious FLI files.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. This facilitates the remote compromise of affected computers.
Media Player Classic 6.4.9.0 is vulnerable; other versions may also be affected.
Media Player Classic is prone to a buffer-overflow vulnerability because the application fails to properly bounds-check user-supplied data.
Attackers may attempt to exploit this issue by coercing users to access malicious FLI files.
Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. This facilitates the remote compromise of affected computers.
Media Player Classic 6.4.9.0 is vulnerable; other versions may also be affected.
Exploit / POC
Media Player Classic FLI File Remote Buffer Overflow Vulnerability
The following proof-of-concept FLI file is available:
The following proof-of-concept FLI file is available:
Solution / Fix
Media Player Classic FLI File Remote Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
Media Player Classic FLI File Remote Buffer Overflow Vulnerability
References:
References:
- Vendor Homepage (Gabest.org) (guliverkli)