Detections
Analytics

DivX Web Player < 1.4.3.4 Stream Format Chunk Buffer Overflow

high Nessus Plugin ID 36185

Synopsis

The remote Windows host contains a media player that is susceptible to a buffer overflow attack.

Description

DivX Web Player, which allows for playing HD-quality DivX video in a web browser, is installed on the remote host.

The installed version contains a heap-based buffer overflow that is triggered when processing 'STRF' (Stream Format) chunks. Using a specially crafted DivX file, an attacker may be able to leverage this issue to execute arbitrary code on the host subject to the user's privileges.

Solution

Upgrade to DivX Web Player 1.4.3.4 or later in an updated DivX bundle as that reportedly addresses the issue.

See Also

https://secuniaresearch.flexerasoftware.com/secunia_research/2008-57/

Plugin Details

Severity: High

ID: 36185

File Name: divx_web_player_1_4_3_4.nasl

Version: 1.10

Type: local

Agent: windows

Family: Windows

Published: 4/17/2009

Updated: 11/15/2018

Supported Sensors: Nessus Agent, Nessus

Risk Information

VPR

Risk Factor: Medium

Score: 5.9

CVSS v2

Risk Factor: High

Base Score: 9.3

Temporal Score: 6.9

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-5259

BID: 34523

CWE: 189

Secunia: 33196