Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score: 7.5
CVE Id: CVE-2014-10024
Last Modified: 13 Jan 2015 07:30:53
Published: 13 Jan 2015 06:59:31
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2014-10024

Summary

Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or (2) large value in a Stream Format (STRF) chunk in an AVI file, which triggers a heap-based buffer overflow.

Vulnerable Systems

Application

  • Divx Directshowdemuxfilter

  • Divx Player

  • Divx Web Player


References

BID - 67086

FULLDISC - 20140426 Divx plugin suite heap-based buffer overflow


Last Updated: 27 May 2016 11:07:31