MMPlayer '.m3u' and '.ppl' Files Multiple Local Buffer Overflow Vulnerabilities
BID:52698
Info
MMPlayer '.m3u' and '.ppl' Files Multiple Local Buffer Overflow Vulnerabilities
| Bugtraq ID: | 52698 |
| Class: | Boundary Condition Error |
| CVE: | |
| Remote: | No |
| Local: | Yes |
| Published: | Mar 23 2012 12:00AM |
| Updated: | Jun 18 2012 12:00PM |
| Credit: | RjRjh Hack3r |
| Vulnerable: |
TFM MMPlayer 2.2 |
| Not Vulnerable: | |
Discussion
MMPlayer '.m3u' and '.ppl' Files Multiple Local Buffer Overflow Vulnerabilities
MMPlayer is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.
Local attackers can exploit these issues to run arbitrary code with elevated privileges. Failed exploit attempts can result in a denial-of-service condition.
MMPlayer 2.2 is vulnerable; other versions may also be affected.
MMPlayer is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied data.
Local attackers can exploit these issues to run arbitrary code with elevated privileges. Failed exploit attempts can result in a denial-of-service condition.
MMPlayer 2.2 is vulnerable; other versions may also be affected.
Exploit / POC
MMPlayer '.m3u' and '.ppl' Files Multiple Local Buffer Overflow Vulnerabilities
The following example exploits are available:
The following example exploits are available:
Solution / Fix
MMPlayer '.m3u' and '.ppl' Files Multiple Local Buffer Overflow Vulnerabilities
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
MMPlayer '.m3u' and '.ppl' Files Multiple Local Buffer Overflow Vulnerabilities
References:
References:
- TFM MMPlayer Homepage (TFM)