-->

  SecPod ID: 10221                                            Status: Public Report
  MPlayer TwinVQ Processing Buffer Overflow Vulnerability     Severity: High
                                                              Release Date: 16-12-2008
                                                              CVSS Base Score: 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
                                                              CVSS Temporal Score  = 6.9
                                                              Impact Level:  Application

  Affected Software/OS/Device:
  - MPlayer version 0.8.0.1 and prior

  OpenVAS Plugin ID: 
  Snort Signature ID:
  OVAL ID: 

  Vulnerability Insight:

  Overview:
  MPlayer is prone to Buffer Overflow Vulnerability.

  Description:
  This flaw is due to a stack buffer overflow vulnerability while parsing 
  malformed TwinVQ media files which causes execution of remote arbitrary 
  codes in the context of the application.

  Impact:
  Successful exploitation will let the attacker execute arbitrary codes in the
  context of the application and can cause buffer overflow.

  CVSS Score Report:
      ACCESS_VECTOR = NETWORK
      ACCESS_COMPLEXITY = MEDIUM
      AUTHENTICATION = NOT_REQUIRED
      CONFIDENTIALITY_IMPACT = COMPLETE
      INTEGRITY_IMPACT = COMPLETE
      AVAILABILITY_IMPACT = COMPLETE
      EXPLOITABILITY = UNPROVEN
      REMEDIATION_LEVEL = OFFICIAL_FIX
      REPORT_CONFIDENCE = CONFIRMED
      CVSS Base Score = 9.3 (AV:N/AC:M/Au:NR/C:C/I:C/A:C)
      CVSS Temporal Score = 6.9
      Risk factor = High

  Fix:
  Upgrade to the version 1.0rc2 or above,
  http://www.mplayerhq.hu/design7/news.html
  
  References: 
  http://trapkit.de/advisories/TKADV2008-014.txt

Home          Corporate          Resources          Report Security Bug          Diary