Message-ID: <1938801340.20070516193114@SECURITY.NNOV.RU>
Date: Wed, 16 May 2007 19:31:14 +0400
From: 3APA3A <3APA3A@...URITY.NNOV.RU>
To: "Michal Bucko (hackpl)" <sapheal@...k.pl>
Cc: bugtraq@...urityfocus.com
Subject: Re: Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability

Dear Michal Bucko (hackpl),

 DoS against e.g. Internet Explorer may be treated as a vulnerability,
 because all windows are closed and the user can lose some useful
 information. This is very low impact, but it is. In this case I see no
 impact at all. Resource consumption during dump file creation?

 Universal DoS against any media player:

 1. Create new file in notepad
 2. Type "Na!"
 3. Save file as exploit.mp3
 4. Open file in any media player.
 5. Media player fails to play.

 Is it a vulnerability? Guys, not every application bug is a security one.


--Tuesday, May 15, 2007, 1:49:54 AM, you wrote to bugtraq@...urityfocus.com:


MBh> Media Player Classic fails to handle MPA-extension media files. When an empty
MBh> file is provided, Media Player Classic fails to properly parse the MPA file format.

MBh> 00634DD1 |. 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+18]
MBh> 00634DD5 |. 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14]
MBh> 00634DD9 |. 33D2 XOR EDX,EDX
MBh> 00634DDB |. F7F1 DIV ECX

MBh> ECX 00000000


-- 
~/ZARAZA http://securityvulns.com/

