MPlayer < 0.92.0 ASX Header Parsing Buffer Overflow

High Nessus Network Monitor Plugin ID 1768


The remote host is using a vulnerable version of MPlayer.


The remote host is using a version of MPlayer which is vulnerable to a buffer overflow. If MPlayer connects to a rogue web server, the server may send a malicious reply which will be executed on this host.
To exploit this vulnerability, an attacker would have to lure the user of this system to visit his website with MPlayer. The attacker then would need to have the web site send malformed replies to this host.


Upgrade to MPlayer 0.92.0 or higher.

Plugin Details

Severity: High

ID: 1768

Family: Web Clients

Published: 2004/08/20

Modified: 2016/01/15

Dependencies: 1767

Nessus ID: 14079

Risk Information

Risk Factor: High


Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C


Base Score: 7.3

Temporal Score: 6.8


Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2003-0835

BID: 8702