DivX Web Player < Stream Format Chunk Buffer Overflow

High Nessus Plugin ID 36185


The remote Windows host contains a media player that is susceptible to a buffer overflow attack.


DivX Web Player, which allows for playing HD-quality DivX video in a web browser, is installed on the remote host.

The installed version contains a heap-based buffer overflow that is triggered when processing 'STRF' (Stream Format) chunks. Using a specially crafted DivX file, an attacker may be able to leverage this issue to execute arbitrary code on the host subject to the user's privileges.


Upgrade to DivX Web Player or later in an updated DivX bundle as that reportedly addresses the issue.

Plugin Details

Severity: High

ID: 36185

File Name: divx_web_player_1_4_3_4.nasl

Version: $Revision: 1.8 $

Type: local

Agent: windows

Family: Windows

Published: 2009/04/17

Modified: 2016/05/05

Dependencies: 13855

Risk Information

Risk Factor: High


Base Score: 9.3

Temporal Score: 8.1

Vector: CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C

Temporal Vector: CVSS2#E:ND/RL:OF/RC:C

Vulnerability Information

Required KB Items: SMB/Registry/Enumerated

Exploit Available: false

Exploit Ease: No known exploits are available

Reference Information

CVE: CVE-2008-5259

BID: 34523

OSVDB: 53689

Secunia: 33196

CWE: 189