DivX Web Player < 18.104.22.168 Stream Format Chunk Buffer Overflow
High Nessus Plugin ID 36185
Synopsis
The remote Windows host contains a media player that is susceptible to a buffer overflow attack.
Description
DivX Web Player, which allows for playing HD-quality DivX video in a web browser, is installed on the remote host.
The installed version contains a heap-based buffer overflow that is triggered when processing 'STRF' (Stream Format) chunks. Using a specially crafted DivX file, an attacker may be able to leverage this issue to execute arbitrary code on the host, subject to the user's privileges.
Solution
Upgrade to DivX Web Player 22.214.171.124 or later in an updated DivX bundle, as that reportedly addresses the issue.