MPlayer < 0.92.0 ASX Header Parsing Buffer Overflow

High Nessus Network Monitor Plugin ID 1768

Synopsis

The remote host is using a vulnerable version of MPlayer.

Description

The remote host is using a version of MPlayer which is vulnerable to a buffer overflow. If MPlayer connects to a rogue web server, the server may send a malicious reply which will be executed on this host.
To exploit this vulnerability, an attacker would have to lure the user of this system to visit his website with MPlayer. The attacker then would need to have the web site send malformed replies to this host.

Solution

Upgrade to MPlayer 0.92.0 or higher.

Plugin Details

Severity: High

ID: 1768

Family: Web Clients

Published: 2004/08/20

Modified: 2016/01/15

Dependencies: 1767

Nessus ID: 14079

Risk Information

Risk Factor: High

CVSSv2

Base Score: 7.5

Temporal Score: 6.2

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:F/RL:OF/RC:C

CVSSv3

Base Score: 7.3

Temporal Score: 6.8

Vector: CVSS3#AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Temporal Vector: CVSS3#E:F/RL:O/RC:C

Reference Information

CVE: CVE-2003-0835

BID: 8702