In association with heise online

02 January 2008, 12:21

Vulnerabilities discovered in several Windows media players

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Several Windows media players have been found to contain vulnerabilities that could be exploited to compromise a user's system. A PC user running one of these programs would only have to open a specially crafted file, provided, for example, by a website. The problem in CoolPlayer involves a buffer overflow when reading tags in OGG files, which would allow malicious code to be written and executed in a system. The bug was discovered in Version 217, but other versions are also likely to be vulnerable. There is no update, although the report says that the developers are working on a solution.

There is a stack-based buffer overflow problem with Total Player that can be triggered by an excess length string in a playlist file. Successful exploitation may allow the execution of arbitrary code. The bug was discovered in Version No update is available. Finally, Zoom Player is affected by an unicode buffer-overflow that can be exploited by a malformed ZPL file to compromise a user's system. Although the vulnerability report refers to Zoom Player Standard Version, it is likely that the bug is also contained in other versions.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit