In association with heise online

06 February 2008, 11:11

Buffer overflow in Nero Media Player

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

An exploit for a bug in Nero Media Player has been published that demonstrates how crafted M3U files can provoke a buffer overflow. The exploit merely generates a file with an over-long URI which crashes the media player, but the buffer overflow can also apparently be used to inject and execute code. For this to happen, however, the victim must download and open a crafted file or visit a crafted web page.

The bug was discovered in version Other versions are also likely to be affected. No patch is yet available and it is questionable whether there will be one, as the player has not been updated for some time. Users should consider using an alternative media player and uninstalling Nero Media Player. It is currently difficult to recommend a media player for Windows that is free of security issues. The media player with the fewest reports of security vulnerabilities in recent months has been Windows Media Player.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit