lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Tue, 5 Jan 2010 20:35:22 +0500
From: rewterz security team <advisories@...terz.com>
To: Full Disclosure <full-disclosure@...ts.grok.org.uk>,
	bugtraq@...urityfocus.com
Subject: REWTERZ-20100101 - n.player Local Heap Overflow Vulnerability

========================================================

Rewterz 05/01/2010

- n.player Local Heap Overflow Vulnerability -

1) Affected Software

* n.player 1.12.07

NOTE: Other versions may also be affected.

========================================================
2) Severity

Rating: High
Impact: Denial of Service
Manipulation of Data
Where: Local

========================================================
3) Vendor's Description of Software

"n.player is a versatile media player that plays audio CDs, DVD, WMA,
MP3, AVI, DiVX and other media with the preinstalled DirectShow
decoder.

n.player also supports enhanced features for playing video and audio.

n.player includes the high-quality audio equalizer, support for divX
subtitles, many functions for video and audio playback and ATI Remote
Wonder controller support."

Product Link:
http://www.softpedia.com/get/Multimedia/Video/Video-Players/nplayer.shtml
http://www.samo.cz


========================================================
4) Description of Vulnerability

Rewterz has discovered vulnerability in n.player. This vulnerability
could lead to execution of code with the privileges of the current
process or user.

This vulnerability exists in the handling of application skin selection
by the user. We chose not to provide detailed information about
the location of the vulnerability and how to reproduce it because the
author hasn't confirmed this vulnerability. We can pass a long argument
with some commands into a heap. There is no checking of the length of
these inputs. Depending on the input, this will cause exploitable
condition.

We have confirmed the ability to execute our own code. This is a common
heap overflow vulnerability and can be exploited easily.


========================================================
5) Credits

Discovered by Rehan Ahmed, Rewterz.


========================================================
6) About Rewterz

Rewterz is a boutique Information Security company, committed to
consistently providing world class professional security services.
Our strategy revolves around the need to provide round-the-clock
quality information security services and solutions to our customers.
We maintain this standard through our highly skilled and professional
team, and custom-designed, customer-centric services and products.

http://www.rewterz.com


Complete list of vulnerability advisories published by Rewterz:

http://rewterz.com/securityadvisories.php


========================================================

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux - Powered by OpenVZ