HTTP: ffdshow Codec Media Stream URL Processing Buffer Overflow

A buffer overflow vulnerability exists in the ffdshow codec. The vulnerability is due to a boundary error when processing URLs. Remote attackers could exploit this vulnerability by enticing the target user to view a media stream or open an HTML page with an embedded media stream. Successful exploitation would cause memory corruption that may lead to arbitrary code execution in the security context of the currently logged-on user. If code execution is successful, the behaviour of the target will depend on the intention of the attacker. In the case of an unsuccessful code execution attack, the affected application will terminate abnormally.

Extended Description

The 'ffdshow' codec is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized buffer. Attackers can exploit this issue to execute arbitrary code in the context of an application that uses the library. Failed attacks may cause denial-of-service conditions. This issue affects versions prior to ffdshow rev2347_20081123. Additional applications that use this codec may also be vulnerable.

Affected Products

Ffdshow ffdshow

References

BugTraq: 20096 32438 46680

CVE: CVE-2008-5381

Short Name
HTTP:STC:STREAM:FFDSHOW-URL-OF
Severity
Major
Recommended
False
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2006-4868 CVE-2008-5381 CVE-2011-0042 Codec Media Overflow Processing Stream URL bid:20096 bid:32438 bid:46680 ffdshow
Release Date
10/19/2010
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3710
False Positive
Unknown
Vendors

Ffdshow
