HTTP: MPlayer demux_open_vqf TwinVQ File Handling Buffer Overflow
This signature detects attempts to exploit a known buffer overflow vulnerability in MPlayer. It is due to a boundary error when processing TwinVQ files. A remote attacker can exploit this by persuading the target user to open a malicious TwinVQ file. In a successful attack, arbitrary code is supplied and executed on the target host. The behavior of the target system is dependent on the malicious code. Note that any code executed by the attacker runs with the privileges of the logged in user. In an unsuccessful attack, the application terminates abnormally while parsing the malicious TwinVQ file.
Extended Description
MPlayer is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions. This issue affects MPlayer 1.0rc2; other versions may also be affected.
Affected Products
Pardus linux_2007,Debian linux
Short Name
HTTP:STC:DL:MPLAYER-TWINVQ-BO
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2008-5616 File Handling MPlayer Overflow TwinVQ bid:32822 demux_open_vqf
Release Date
10/20/2010
Supported Platforms
srx-branch-12.3
srx-19.3
srx-branch-19.3
vsrx3bsd-19.2
srx-branch-19.4
vsrx-19.4
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx3bsd-19.4
srx-19.4
vsrx-12.3
vmx-19.3
vsrx-19.2
srx-12.3
Sigpack Version
3336
False Positive
Unknown
Vendors
Mandriva
Mplayer
Debian
Gentoo
Pardus
CVSS Score
10.0