CVE-2008-5259

Properties

Published: 15.04.2009
Updated: 28.04.2009
Patch available:
Severity: High
CVSS vector: (AV:N/AC:M/Au:N/C:C/I:C/A:C)
Product: divx: divx_web_player

Vulnerability description

Integer signedness error in DivX Web Player 1.4.2.7, and possibly earlier versions, allows remote attackers to execute arbitrary code via a DivX file containing a crafted Stream Format (STRF) chunk, which triggers a heap-based buffer overflow.

References:

XF: http://xforce.iss.net/xforce/xfdb/49908
VUPEN: http://www.vupen.com/english/advisories/2009/1044
SECTRACK: http://www.securitytracker.com/id?1022061
BID: http://www.securityfocus.com/bid/34523
BUGTRAQ: http://www.securityfocus.com/archive/1/archive/1/502701/100/0/threaded
MISC: http://secunia.com/secunia_research/2008-57/
SECUNIA: http://secunia.com/advisories/33196