3ivx MPEG-4多个远程栈缓冲区溢出漏洞
发布日期:2007-12-08
更新日期:2007-12-08
受影响系统:3ivx MPEG-4 5.0.1
描述:
BUGTRAQ ID:
26773
CVE(CAN) ID:
CVE-2007-6401,
CVE-2007-6402
3ivx MPEG-4是工业标准食品压缩系统。
3ivx MPEG-4 5.0.1及其他版本在处理MP4文件内的某些原子("©art", "©nam", "©cmt", "©des", "©cpy")时,3ivxDSMediaSplitter.ax存在边界错误,攻击者通过特制的MP4文件,利用此漏洞可造成缓冲区溢出,导致任意代码执行。
<*来源:SYS 49152
链接:
http://secunia.com/advisories/27998/
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
http://www.securityfocus.com/data/vulnerabilities/exploits/26773.pl
http://www.securityfocus.com/data/vulnerabilities/exploits/26773-2.pl
http://www.securityfocus.com/data/vulnerabilities/exploits/26773-3.pl建议:
厂商补丁:
3ivx
----
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
www.3ivx.com
参考:
3ivx MPEG-4 MP4 File Processing Buffer Overflows
-
Release Date: 2007-12-10 Last Update: 2007-12-24 Views: 28,959
Secunia Advisory SA27998
Where:
From remote
Impact:
System access
Solution Status:
Vendor Patch
Software:
3ivx MPEG-4 5.x
CVE Reference(s):
CVE-2007-6401
CVE-2007-6402
Description
SYS 49152 has discovered some vulnerabilities in 3ivx MPEG-4, which can be exploited by malicious people to compromise a user's system.
The vulnerabilities are caused due to boundary errors in 3ivxDSMediaSplitter.ax when processing certain atoms ("©art", "©nam", "©cmt", "©des", and "©cpy") in MP4 files and can be exploited to cause stack-based buffer overflows via a specially crafted MP4 file.
Successful exploitation allows execution of arbitrary code.
The vulnerabilities are confirmed in version 5.0.1 with the following applications as attack vectors:
* Windows Media Player version 6.4.09.1130 (mplayer2.exe)
* Media Player Classic version 6.4.9.0
Other versions and applications may also be affected.
Solution:
Update to version 5.0.2.
Provided and/or discovered by:
SYS 49152
milw0rm:
http://www.milw0rm.com/exploits/4701
http://www.milw0rm.com/exploits/4702浏览次数:1842
严重程度:0(网友投票)
