Date: Mon, 24 Aug 2015 15:14:24 +0530 From: "Arjun Basnet" <arjun@...ersecurityworks.com> To: <oss-security@...ts.openwall.com>, <cve-assign@...re.org> Cc: <s3curityshastragar@...il.com> Subject: SEH Local buffer overflow vulnerability Hello List, Could you please tell if this issue is applicable for CVE? I tried contacting vendor for reporting the issue but due to unavailability of contact details was unable to do so. Hence I am sending this mail to with the issue and request for CVE Description: A very common and awarded serenity audio player(Latest Version) and Malx media player(Older Version) ( http://malx-media-player.software.informer.com/awards/) is vulnerable to buffer overflow vulnerability, An attacker can create a malicious m3u and running the malicious file through the media player crashes the media player through an structure exception handling (SEH) and allows code execution on that system. This can help the attacker to gain access of the machine. Affected Versions: The vulnerabilities was tested on Windows 7 and XP SP2 and other could work on other version of Windows( not checked). Following version of media player are vulnerable: Serenity audio Player 3.2.3 Malx media player 3.2.2 and lower version may also be affected(Not checked) http://malsmith.kyabram.biz/serenity/ Discovered by: Arjun Basnet from Cyber Security Works Pvt. Ltd. Please feel free to contact me for any additional information. Have a nice day ! ================= Thanks & Regard's Arjun Basnet
Powered by blists - more mailing lists
Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.
Powered by Openwall GNU/*/Linux - Powered by OpenVZ