lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: Thu, 02 Aug 2007 20:40:41 -0400 From: <edi.strosar@...nostne-novice.com> To: "Full Disclosure" <full-disclosure@...ts.grok.org.uk> Subject: BS.Player 2.22 NULL ptr dereference ========================================================================= Team Intell Security Advisory TISA2007-10-Private ------------------------------------------------------------------------- BS.Player 2.22 NULL pointer dereference ========================================================================= Release Date: 03.08.2007 Severity: Less critical Impact: Failure to handle exceptional conditions Status: Official patch available Software: BS.Player 2.22 Tested on: Microsoft Windows XP Professional SP2 Vendor: http://www.bsplayer.com http://www.bsplayer.org Disclosed: Edi Strosar (Team Intell) Description: ============ BS.Player is media player for Windows platform that supports many kinds of multimedia files. The application is susceptible to NULL/invalid pointer dereference that will crash the application. The exception may be reproduced when trying to use "Load subtitles" function from a context menu or by pressing CTRL + L during movie playback. The vendor was already aware of the problem. Debugger output: ================ 0:000> g (ac8.cf4): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=00000000 ebx=032ea810 ecx=00000000 edx=032fa440 esi=00000000 edi=032d0000 eip=032ea8ed esp=0012d514 ebp=0012d538 iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010297 032ea8ed 015600 add dword ptr [esi],edx ds:0023:00000000=???????? Tested on BS.Player 2.22 free. Other versions of 2.22 series may be vulnerable. Solution: ========= On August, 1st 2007 vendor released version 2.23 that solves this issue. Timeline: ========= 02.08.2007 - bug analysis 03.08.2007 - public disclosure Contact: ======== Maldin d.o.o. Trzaska cesta 2 1000 Ljubljana - SI tel: +386 (0)590 70 170 fax: +386 (0)590 70 177 gsm: +386 (0)31 816 400 web: www.teamintell.com e-mail: info@...mintell.com Disclaimer: =========== The content of this report is purely informational and meant for educational purposes only. Maldin d.o.o. shall in no event be liable for any damage whatsoever, direct or implied, arising from use or spread of this information. Any use of information in this advisory is entirely at user's own risk. ========================================================================= _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists