Message-ID: <683C36700B474AAA9F27BEFFFF6304D6@SVRTBkis>
Date: Wed, 26 Nov 2008 09:25:33 +0700
From: "svrt" <svrt@...v.com.vn>
Cc: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: Re: [SVRT-05-08] Critical BoF vulnerability found
	in ffdshow affecting all internet browsers (SVRT-Bkis)

Hi,

To Nguyen Nam: You can see details at
http://sourceforge.net/forum/forum.php?forum_id=597807

Besides, the K-lite Codec Pack that contains the fixed version of ffdshow has
been released today (11-26-2008).


Thanks,
SVRT-Bkis

----------------------------------------------------------------
Bach Khoa Internetwork Security Center (BKIS)
Hanoi University of Technology (Vietnam)

Email : svrt@...v.com.vn
Website : www.bkav.com.vn
WebBlog : security.bkis.vn
Our PGP : http://security.bkis.vn/policy/pgp/SVRT-Bkis.gpg
---------------------------------------------------------------- 

----- Original Message ----- 
From: "Nam Nguyen" <namn@...emoon.com.vn>
To: "svrt" <svrt@...v.com.vn>
Cc: <bugtraq@...urityfocus.com>; <full-disclosure@...ts.grok.org.uk>
Sent: Tuesday, November 25, 2008 9:41 AM
Subject: Re: [SVRT-05-08] Critical BoF vulnerability found in ffdshow 
affecting all internet browsers (SVRT-Bkis)


> The report is for ffdshow, but the referred URL is to ffdshow-tryout. I
> wonder if they are the same.
>
> Cheers
> Nam
>
> On Mon, 24 Nov 2008 15:17:05 +0700
> "svrt" <svrt@...v.com.vn> wrote:
>
>> 1. General Information
>>
>> ffdshow is a DirectShow filter and VFW codec for many audio and video
>> formats, such as DivX, Xvid and H.264. It is the most popular audio and
>> video decoder on Windows. Besides a stand-alone setup package, ffdshow is
>> often included in almost all codec pack software such as K-lite Codec
>> Pack, XP Codec Pack, Vista Codec Package, Codec Pack All in one,.
>>
>> In Oct 2008, SVRT-Bkis has detected a serious buffer overflow
>> vulnerability in ffdshow which affects all available internet browsers.
>> Taking advantage of the flaw, hackers can perform remote attack, inject
>> viruses, steal sensitive information and even take control of the
>> victim's system.
>>
>> Since ffdshow is an open source software (can be found at
>> http://sourceforge.net/projects/ffdshow-tryout), we have contacted the
>> developing team and they have patched the vulnerability in the latest
>> version of ffdshow.
>>
>> Details : http://security.bkis.vn/?p=277
>> SVRT Advisory  : SVRT-05-08
>> Initial vendor notification :  13-11-2008
>> Release Date : 24-11-2008
>> Update Date  : 24-11-2008
>> Discovered by : SVRT-Bkis
>> Security Rating :  Critical
>> Impact  Remote : Code Execution
>> Affected Software : ffdshow  (< rev2347 20081123)
>>
>> 2. Technique Description
>>
>> The flaw occurs when ffdshow works with a media stream (e.g.
>> http://[website]/test.avi). On parsing an overly long link, ffdshow would
>> encounter a buffer overflow error as the memory is not allocated and
>> controlled well.
>>
>> ffdshow is in fact a codec component for decoding multimedia formats so
>> it must be used via some media player; the default program is Windows
>> Media Player (wmp). Due to this reason, all internet browsers that support
>> wmp plug-in are influenced by this vulnerability, such as Internet
>> Explorer, Firefox, Opera, Chrome...
>>
>> In order to exploit, hackers trick users into visiting a website
>> containing malicious code. If successful, malicious code would be
>> executed without any users' further interaction. Hackers can then take
>> complete control of the system.
>>
>> 3. Solution
>>
>> As for the seriousness of the vulnerability, it has been patched in the
>> latest version of ffdshow by the developing team of the software. Bkis
>> Internetwork Security Center highly recommends that users should update
>> ffdshow to the latest version here:
>>
>> http://sourceforge.net/project/showfiles.php?group_id=173941&package_id=199416&release_id=439904
>>
>> At the moment, there are a lot of software packages packing ffdshow that
>> haven't been updated. On account of this, users should also update the
>> ffdshow latest versions:
>> - K-Lite Codec Pack (latest version).
>> - XP Codec Pack (latest version).
>> - Vista Codec Package (latest version).
>> - Codec Pack All in one (latest version).
>> - Storm Codec Pack (latest version).
>> - And many other software Codec packages using ffdshow.
>>
>> In addition, software producers that make use of ffdshow in their
>> products should also update these products with the latest version of
>> ffdshow.
>>
>> 4. Credits
>> Thanks Nguyen Anh Tai for working with SVRT-Bkis.
>>
>> ----------------------------------------------------------------
>> Bach Khoa Internetwork Security Center (BKIS)
>> Hanoi University of Technology (Vietnam)
>>
>> Email : svrt@...v.com.vn
>> Website : www.bkav.com.vn
>> WebBlog : security.bkis.vn
>> Our PGP : http://security.bkis.vn/policy/pgp/SVRT-Bkis.gpg
>> ---------------------------------------------------------------- 
>>
>>
>>
>>
>
>
> -- 
> Nam
> 

