In association with heise online

25 November 2008, 12:45

Critical vulnerability in ffdshow audio and video codec


A buffer overflow in ffdshow, the free video and audio codec widely used under Windows, can be remotely exploited to infect a PC with malicious code. According to the report, the error occurs when ffdshow parses an overly long link while handling a media stream, and it can be misused to inject and run code.
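The bug class described above, a link copied into a fixed-size buffer without a length check, is illustrated below as an added example. This is not ffdshow's code and does not reproduce its parser; the buffer size, function names and sample link values are constructed for the illustration. It places the unchecked copy beside a bounded version that rejects any link that does not fit.

```c
#include <stdio.h>
#include <string.h>
#include <stdbool.h>

/* Constructed buffer size for the illustration; ffdshow's real limits are
 * not given in the advisory. */
#define LINK_BUF_SIZE 64

/* The pattern behind the reported bug: the link is copied into a
 * fixed-size buffer with no length check. Deliberately unsafe; any link
 * of LINK_BUF_SIZE bytes or more writes past the end of dst. */
void copy_link_unchecked(char *dst, const char *link)
{
    strcpy(dst, link);
}

/* Hardened variant: refuse anything that does not fit, including its
 * terminating NUL, and leave dst as an empty string on rejection.
 * Returns true when the link was copied, false when it was rejected. */
bool copy_link_checked(char *dst, size_t dst_size, const char *link)
{
    size_t n = strlen(link);
    if (dst_size == 0) {
        return false;
    }
    if (n >= dst_size) {
        dst[0] = '\0';
        return false;
    }
    memcpy(dst, link, n + 1);  /* n + 1 copies the NUL as well */
    return true;
}

/* Simulated parser step for a link found in a media stream.
 * Returns 1 if the link was accepted, 0 if it was rejected as too long. */
int parse_link(const char *link)
{
    char buf[LINK_BUF_SIZE];
    if (!copy_link_checked(buf, sizeof buf, link)) {
        return 0;
    }
    /* A real parser would go on to use buf here. */
    return 1;
}

/* Constructed oversize input: 200 'A's, well beyond LINK_BUF_SIZE. */
const char *constructed_long_link(void)
{
    static char link[201];
    memset(link, 'A', 200);
    link[200] = '\0';
    return link;
}

int main(void)
{
    /* Constructed sample values, not taken from the advisory. */
    const char *short_link = "http://example.invalid/clip.avi";
    printf("short link accepted: %d\n", parse_link(short_link));
    printf("200-byte link accepted: %d\n", parse_link(constructed_long_link()));
    return 0;
}
```

The fix is the single comparison `n >= dst_size`: rejecting the input up front means the length of data an untrusted stream supplies never decides how much is written to the stack.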

Although BKIS Security, which discovered the vulnerability, believes that it can be exploited by a mere visit to a crafted web site, it gives only a very vague description of the conditions required. Windows Media Player can use ffdshow, for example, to show films embedded in web sites directly in the browser, but it only uses ffdshow if it has been manually configured to do so. BKIS, however, assumes that the vulnerability can potentially be exploited via the Windows Media Player plug-ins for Firefox, Opera, Chrome and other browsers.

BKIS says all versions of ffdshow before rev2347 are affected; later versions do not contain the vulnerability. Version rev2352 is available for download.

The vulnerable version of ffdshow is still often bundled in other codec packs such as K-Lite Codec Pack, XP Codec Pack, Vista Codec Package, Storm Codec Pack and Codec Pack All. Users are advised simply to install the current version of ffdshow over the bundled one.
