lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Thu, 02 Aug 2007 20:40:41 -0400
From: <edi.strosar@...nostne-novice.com>
To: "Full Disclosure" <full-disclosure@...ts.grok.org.uk>
Subject: BS.Player 2.22 NULL ptr dereference


=========================================================================
Team Intell Security Advisory TISA2007-10-Private
-------------------------------------------------------------------------
BS.Player 2.22 NULL pointer dereference
=========================================================================


Release Date:    03.08.2007
Severity:        Less critical
Impact:          Failure to handle exceptional conditions
Status:          Official patch available
Software:        BS.Player 2.22
Tested on:       Microsoft Windows XP Professional SP2
Vendor:          http://www.bsplayer.com
                  http://www.bsplayer.org
Disclosed:       Edi Strosar (Team Intell)


Description:
============

BS.Player is media player for Windows platform that 
supports many kinds of multimedia files. The application 
is susceptible to NULL/invalid pointer dereference that 
will crash the application.

The exception may be reproduced when trying to use "Load 
subtitles" function from a context menu or by pressing 
CTRL + L during movie playback. The vendor was already 
aware of the problem.


Debugger output:
================

0:000> g
(ac8.cf4): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception 
handling.
This exception may be expected and handled.
eax=00000000 ebx=032ea810 ecx=00000000 edx=032fa440 
esi=00000000 edi=032d0000
eip=032ea8ed esp=0012d514 ebp=0012d538 iopl=0         nv 
up ei ng nz ac pe cy
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000 
            efl=00010297
032ea8ed 015600          add     dword ptr [esi],edx 
 ds:0023:00000000=????????


Tested on BS.Player 2.22 free. Other versions of 2.22 
series may be vulnerable.


Solution:
=========
On August, 1st 2007 vendor released version 2.23 that 
solves this issue.


Timeline:
=========
02.08.2007 - bug analysis
03.08.2007 - public disclosure


Contact:
========
Maldin d.o.o.
Trzaska cesta 2
1000 Ljubljana - SI

tel: +386 (0)590 70 170
fax: +386 (0)590 70 177
gsm: +386 (0)31 816 400
web: www.teamintell.com
e-mail: info@...mintell.com


Disclaimer:
===========
The content of this report is purely informational and 
meant for educational purposes only. Maldin d.o.o. shall 
in no event be liable for any damage whatsoever, direct or 
implied, arising from use or spread of this information. 
Any use of information in this advisory is entirely at 
user's own risk.


=========================================================================

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists