Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 9.3
CVE Id: CVE-2008-5259
Last Modified: 28 Apr 2009 01:34:42
Published: 16 Apr 2009 11:12:57
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE

CVE-2008-5259

Summary

Integer signedness error in DivX Web Player 1.4.2.7, and possibly earlier versions, allows remote attackers to execute arbitrary code via a DivX file containing a crafted Stream Format (STRF) chunk, which triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • DivX Web Player 1.0.1

  • DivX Web Player 1.0.2

  • DivX Web Player 1.1

  • DivX Web Player 1.1.0

  • DivX Web Player 1.2

  • DivX Web Player 1.2.0

  • DivX Web Player 1.3

  • DivX Web Player 1.3.0

  • DivX Web Player 1.3.1

  • DivX Web Player 1.4

  • DivX Web Player 1.4.0

  • DivX Web Player 1.4.1

  • DivX Web Player 1.4.2

  • DivX Web Player 1.4.2.7


References

XF - divxwebplayer-strf-bo(49908)

VUPEN - ADV-2009-1044

SECTRACK - 1022061

BID - 34523

BUGTRAQ - 20090415 Secunia Research: DivX Web Player Stream Format Chunk Buffer Overflow

MISC - http://secunia.com/secunia_research/2008-57/

SECUNIA - 33196


Last Updated: 27 May 2016 10:48:46