ID OPENVAS:900537 Type openvas Reporter Copyright (C) 2009 SecPod Modified 2017-01-20T00:00:00
Description
This host is running DivX Web Player, which is prone to a buffer
overflow vulnerability.
###############################################################################
# OpenVAS Vulnerability Test
# $Id: secpod_divx_web_player_bof_vuln.nasl 5055 2017-01-20 14:08:39Z teissa $
#
# DivX Web Player Buffer Overflow Vulnerability
#
# Authors:
# Nikita MR <rnikita@secpod.com>
#
# Copyright:
# Copyright (c) 2009 SecPod, http://www.secpod.com
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License version 2
# (or any later version), as published by the Free Software Foundation.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the Free Software
# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
###############################################################################
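# Report text for this check. Each value is attached to the finding through
# script_tag() in the description block.

# What an attacker gains and what the victim has to do for the flaw to trigger.
tag_impact = "Successful exploitation will let the attacker execute arbitrary
code within the context of the application by tricking a user into
opening a crafted DivX file.
Impact level: System";

# Releases considered vulnerable; the version check flags anything below 1.4.3.4.
tag_affected = "DivX Web Player 1.4.2.7 and prior on Windows.";

# Root cause. The Secunia advisory and the NVD entry for CVE-2008-5259 both
# describe a signedness error in STRF chunk handling; the heap overflow is the
# consequence of that error, not the cause.
tag_insight = "This flaw is due to a signedness error while processing Stream
Format 'STRF' chunks, which causes a heap-based buffer overflow.";

# Remediation: first fixed release and where to obtain it.
tag_solution = "Update to version 1.4.3.4
http://www.divx.com/downloads/divx";

# One-sentence summary shown with the result.
tag_summary = "This host is running DivX Web Player which is prone to buffer
overflow vulnerability.";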
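# Registration pass: when the scanner loads the script with `description` set,
# only the metadata below is recorded and the script exits before any check runs.
if(description)
{
  # Identity and revision of this check.
  script_id(900537);
  script_version("$Revision: 5055 $");
  script_tag(name:"last_modification", value:"$Date: 2017-01-20 15:08:39 +0100 (Fri, 20 Jan 2017) $");
  script_tag(name:"creation_date", value:"2009-04-23 08:16:04 +0200 (Thu, 23 Apr 2009)");

  # CVSS v2 base score and vector for the referenced CVE.
  script_tag(name:"cvss_base", value:"9.3");
  script_tag(name:"cvss_base_vector", value:"AV:N/AC:M/Au:N/C:C/I:C/A:C");

  # Cross-references a reader can use to confirm the finding.
  script_cve_id("CVE-2008-5259");
  script_bugtraq_id(34523);
  script_name("DivX Web Player Buffer Overflow Vulnerability");
  script_xref(name:"URL", value:"http://en.securitylab.ru/nvd/377996.php");
  script_xref(name:"URL", value:"http://secunia.com/advisories/33196");
  script_xref(name:"URL", value:"http://www.vupen.com/english/advisories/2009/1044");

  # The verdict rests on a version string only; the script gathers information
  # and sends nothing that would exercise the flaw.
  script_tag(name:"qod_type", value:"executable_version");
  script_category(ACT_GATHER_INFO);
  script_copyright("Copyright (C) 2009 SecPod");
  script_family("Buffer overflow");

  # The detection script is expected to store the installed version under the
  # KB key required here (confirm in secpod_divx_web_player_detect.nasl).
  script_dependencies("secpod_divx_web_player_detect.nasl");
  script_require_keys("DivX/Web/Player/Ver");

  # Report text, defined in the tag_* variables above this block.
  script_tag(name:"affected", value:tag_affected);
  script_tag(name:"insight", value:tag_insight);
  script_tag(name:"solution", value:tag_solution);
  script_tag(name:"summary", value:tag_summary);
  script_tag(name:"impact", value:tag_impact);

  # A vendor release (1.4.3.4) fixes the issue, so mark the remediation type
  # to let result consumers filter on it.
  script_tag(name:"solution_type", value:"VendorFix");

  exit(0);
}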
include("version_func.inc");
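# Installed DivX Web Player version as stored in the knowledge base
# (presumably by secpod_divx_web_player_detect.nasl; verify there).
divxVer = get_kb_item("DivX/Web/Player/Ver");

# Nothing to evaluate without a version. An empty value is treated like a
# missing one so that it is never compared against the fixed release.
if(!divxVer){
  exit(0);
}

# Version-only check: every release below the first fixed one (1.4.3.4) is
# flagged. The report names the detected and the fixed version so the finding
# can be triaged without re-running the detection.
if(version_is_less(version:divxVer, test_version:"1.4.3.4")){
  report = report_fixed_ver(installed_version:divxVer, fixed_version:"1.4.3.4");
  security_message(port:0, data:report);
}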
{"id": "OPENVAS:900537", "type": "openvas", "bulletinFamily": "scanner", "title": "DivX Web Player Buffer Overflow Vulnerability", "description": "This host is running DivX Web Player which is prone to buffer\n overflow vulnerability.", "published": "2009-04-23T00:00:00", "modified": "2017-01-20T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "http://plugins.openvas.org/nasl.php?oid=900537", "reporter": "Copyright (C) 2009 SecPod", "references": ["http://secunia.com/advisories/33196", "http://en.securitylab.ru/nvd/377996.php", "http://www.vupen.com/english/advisories/2009/1044"], "cvelist": ["CVE-2008-5259"], "lastseen": "2017-07-02T21:13:51", "viewCount": 1, "enchantments": {"score": {"value": 8.6, "vector": "NONE", "modified": "2017-07-02T21:13:51", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2008-5259"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:9849", "SECURITYVULNS:DOC:21684"]}, {"type": "seebug", "idList": ["SSV:5061", "SSV:5074"]}, {"type": "nessus", "idList": ["DIVX_WEB_PLAYER_1_4_3_4.NASL"]}, {"type": "openvas", "idList": ["OPENVAS:1361412562310900537", "OPENVAS:63856"]}, {"type": "kaspersky", "idList": ["KLA10137"]}], "modified": "2017-07-02T21:13:51", "rev": 2}, "vulnersScore": 8.6}, "pluginID": "900537", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n# $Id: secpod_divx_web_player_bof_vuln.nasl 5055 2017-01-20 14:08:39Z teissa $\n#\n# DivX Web Player Buffer Overflow Vulnerability\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (c) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it 
will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\ntag_impact = \"Successful exploitation will let the attacker execute arbitrary\n codes within the context of the application by tricking a user into\n opening a crafted DivX file.\n\n Impact level: System\";\n\ntag_affected = \"DivX Web Player 1.4.2.7 and prior on Windows.\";\ntag_insight = \"This flaw is due to the boundary checking error while processing Stream\n Format 'STRF' chunks which causes heap overflow.\";\ntag_solution = \"Update to version 1.4.3.4\n http://www.divx.com/downloads/divx\";\ntag_summary = \"This host is running DivX Web Player which is prone to buffer\n overflow vulnerability.\";\n\nif(description)\n{\n script_id(900537);\n script_version(\"$Revision: 5055 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-01-20 15:08:39 +0100 (Fri, 20 Jan 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-23 08:16:04 +0200 (Thu, 23 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5259\");\n script_bugtraq_id(34523);\n script_name(\"DivX Web Player Buffer Overflow Vulnerability\");\n script_xref(name : \"URL\" , value : \"http://en.securitylab.ru/nvd/377996.php\");\n script_xref(name : \"URL\" , value : \"http://secunia.com/advisories/33196\");\n script_xref(name : \"URL\" , value : \"http://www.vupen.com/english/advisories/2009/1044\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_divx_web_player_detect.nasl\");\n script_require_keys(\"DivX/Web/Player/Ver\");\n script_tag(name : \"affected\" , value : tag_affected);\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"impact\" , value : tag_impact);\n exit(0);\n}\n\n\ninclude(\"version_func.inc\");\n\ndivxVer = get_kb_item(\"DivX/Web/Player/Ver\");\nif(divxVer == NULL){\n exit(0);\n}\n\nif(version_is_less(version:divxVer, test_version:\"1.4.3.4\")){\n security_message(0);\n}\n", "naslFamily": "Buffer overflow"}
{"cve": [{"lastseen": "2021-02-02T05:35:18", "description": "Integer signedness error in DivX Web Player 1.4.2.7, and possibly earlier versions, allows remote attackers to execute arbitrary code via a DivX file containing a crafted Stream Format (STRF) chunk, which triggers a heap-based buffer overflow.", "edition": 6, "cvss3": {}, "published": "2009-04-16T15:12:00", "title": "CVE-2008-5259", "type": "cve", "cwe": ["CWE-189"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2008-5259"], "modified": "2018-10-11T20:54:00", "cpe": ["cpe:/a:divx:divx_web_player:1.3.0", "cpe:/a:divx:divx_web_player:1.4.2", "cpe:/a:divx:divx_web_player:1.4.2.7", "cpe:/a:divx:divx_web_player:1.1.0", "cpe:/a:divx:divx_web_player:1.2.0", "cpe:/a:divx:divx_web_player:1.4.0", "cpe:/a:divx:divx_web_player:1.0.2", "cpe:/a:divx:divx_web_player:1.4", "cpe:/a:divx:divx_web_player:1.4.1", "cpe:/a:divx:divx_web_player:1.3.1", "cpe:/a:divx:divx_web_player:1.0.1", "cpe:/a:divx:divx_web_player:1.2", "cpe:/a:divx:divx_web_player:1.3", "cpe:/a:divx:divx_web_player:1.1"], "id": "CVE-2008-5259", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-5259", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:divx:divx_web_player:1.3:*:*:*:*:*:*:*", "cpe:2.3:a:divx:divx_web_player:1.0.1:*:*:*:*:*:*:*", "cpe:2.3:a:divx:divx_web_player:1.4:*:*:*:*:*:*:*", "cpe:2.3:a:divx:divx_web_player:1.2.0:*:*:*:*:*:*:*", "cpe:2.3:a:divx:divx_web_player:1.4.0:beta2:*:*:*:*:*:*", 
"cpe:2.3:a:divx:divx_web_player:1.4.2:beta2:*:*:*:*:*:*", "cpe:2.3:a:divx:divx_web_player:1.4.2.7:*:*:*:*:*:*:*", "cpe:2.3:a:divx:divx_web_player:1.3.1:*:*:*:*:*:*:*", "cpe:2.3:a:divx:divx_web_player:1.2:*:*:*:*:*:*:*", "cpe:2.3:a:divx:divx_web_player:1.1.0:*:*:*:*:*:*:*", "cpe:2.3:a:divx:divx_web_player:1.3.0:*:*:*:*:*:*:*", "cpe:2.3:a:divx:divx_web_player:1.1:*:*:*:*:*:*:*", "cpe:2.3:a:divx:divx_web_player:1.0.2:*:*:*:*:*:*:*", "cpe:2.3:a:divx:divx_web_player:1.4.1:beta1:*:*:*:*:*:*"]}], "kaspersky": [{"lastseen": "2020-09-02T11:44:21", "bulletinFamily": "info", "cvelist": ["CVE-2008-5259"], "description": "### *Detect date*:\n04/16/2009\n\n### *Severity*:\nCritical\n\n### *Description*:\nAn integer signing error was found in DivX Web Player. By exploiting this vulnerability malicious users can execute arbitrary code. This vulnerability can be exploited remotely via a specially designed DivX file.\n\n### *Affected products*:\nDivX Web Player versions 1.4.2.7 and earlier\n\n### *Solution*:\nUpdate to latest version\n\n### *Impacts*:\nACE \n\n### *Related products*:\n[DivX Web Player](<https://threats.kaspersky.com/en/product/DivX-Web-Player/>)\n\n### *CVE-IDS*:\n[CVE-2008-5259](<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-5259>)9.3Critical", "edition": 42, "modified": "2020-05-22T00:00:00", "published": "2009-04-16T00:00:00", "id": "KLA10137", "href": "https://threats.kaspersky.com/en/vulnerability/KLA10137", "title": "\r KLA10137ACE vulnerability in DivX Web Player ", "type": "kaspersky", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}], "openvas": [{"lastseen": "2020-04-29T22:26:39", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5259"], "description": "This host is running DivX Web Player which is prone to buffer\n overflow vulnerability.", "modified": "2020-04-27T00:00:00", "published": "2009-04-23T00:00:00", "id": "OPENVAS:1361412562310900537", "href": "http://plugins.openvas.org/nasl.php?oid=1361412562310900537", "type": 
"openvas", "title": "DivX Web Player Buffer Overflow Vulnerability", "sourceData": "###############################################################################\n# OpenVAS Vulnerability Test\n#\n# DivX Web Player Buffer Overflow Vulnerability\n#\n# Authors:\n# Nikita MR <rnikita@secpod.com>\n#\n# Copyright:\n# Copyright (C) 2009 SecPod, http://www.secpod.com\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2\n# (or any later version), as published by the Free Software Foundation.\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n###############################################################################\n\nif(description)\n{\n script_oid(\"1.3.6.1.4.1.25623.1.0.900537\");\n script_version(\"2020-04-27T09:00:11+0000\");\n script_tag(name:\"last_modification\", value:\"2020-04-27 09:00:11 +0000 (Mon, 27 Apr 2020)\");\n script_tag(name:\"creation_date\", value:\"2009-04-23 08:16:04 +0200 (Thu, 23 Apr 2009)\");\n script_tag(name:\"cvss_base\", value:\"9.3\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_cve_id(\"CVE-2008-5259\");\n script_bugtraq_id(34523);\n script_name(\"DivX Web Player Buffer Overflow Vulnerability\");\n script_xref(name:\"URL\", value:\"http://en.securitylab.ru/nvd/377996.php\");\n script_xref(name:\"URL\", value:\"http://secunia.com/advisories/33196\");\n script_xref(name:\"URL\", value:\"http://www.vupen.com/english/advisories/2009/1044\");\n\n script_tag(name:\"qod_type\", value:\"executable_version\");\n 
script_category(ACT_GATHER_INFO);\n script_copyright(\"Copyright (C) 2009 SecPod\");\n script_family(\"Buffer overflow\");\n script_dependencies(\"secpod_divx_web_player_detect.nasl\");\n script_mandatory_keys(\"DivX/Web/Player/Ver\");\n script_tag(name:\"affected\", value:\"DivX Web Player 1.4.2.7 and prior on Windows.\");\n script_tag(name:\"insight\", value:\"This flaw is due to the boundary checking error while processing Stream\n Format 'STRF' chunks which causes heap overflow.\");\n script_tag(name:\"solution\", value:\"Update to version 1.4.3.4.\");\n script_tag(name:\"summary\", value:\"This host is running DivX Web Player which is prone to buffer\n overflow vulnerability.\");\n script_tag(name:\"impact\", value:\"Successful exploitation will let the attacker execute arbitrary\n codes within the context of the application by tricking a user into\n opening a crafted DivX file.\");\n\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n\n exit(0);\n}\n\ninclude(\"version_func.inc\");\n\ndivxVer = get_kb_item(\"DivX/Web/Player/Ver\");\nif(!divxVer)\n exit(0);\n\nif(version_is_less(version:divxVer, test_version:\"1.4.3.4\")){\n report = report_fixed_ver(installed_version:divxVer, fixed_version:\"1.4.3.4\");\n security_message(port: 0, data: report);\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}, {"lastseen": "2017-12-04T11:29:09", "bulletinFamily": "scanner", "cvelist": ["CVE-2009-0196", "CVE-2009-0796", "CVE-2009-1185", "CVE-2009-0792", "CVE-2009-1016", "CVE-2009-0584", "CVE-2007-6725", "CVE-2009-1186", "CVE-2008-6679", "CVE-2009-0583", "CVE-2009-1012", "CVE-2008-5259"], "description": "The remote host is missing an update to gs-gpl\nannounced via advisory USN-757-1.", "modified": "2017-12-01T00:00:00", "published": "2009-04-20T00:00:00", "id": "OPENVAS:63856", "href": "http://plugins.openvas.org/nasl.php?oid=63856", "type": "openvas", "title": "Ubuntu USN-757-1 (gs-gpl)", "sourceData": "# OpenVAS Vulnerability Test\n# $Id: 
ubuntu_757_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# $Id: ubuntu_757_1.nasl 7969 2017-12-01 09:23:16Z santu $\n# Description: Auto-generated from advisory USN-757-1 (gs-gpl)\n#\n# Authors:\n# Thomas Reinke <reinke@securityspace.com>\n#\n# Copyright:\n# Copyright (c) 2009 E-Soft Inc. http://www.securityspace.com\n# Text descriptions are largely excerpted from the referenced\n# advisory, and are Copyright (c) the respective author(s)\n#\n# This program is free software; you can redistribute it and/or modify\n# it under the terms of the GNU General Public License version 2,\n# or at your option, GNU General Public License version 3,\n# as published by the Free Software Foundation\n#\n# This program is distributed in the hope that it will be useful,\n# but WITHOUT ANY WARRANTY; without even the implied warranty of\n# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the\n# GNU General Public License for more details.\n#\n# You should have received a copy of the GNU General Public License\n# along with this program; if not, write to the Free Software\n# Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.\n#\n\ninclude(\"revisions-lib.inc\");\ntag_solution = \"The problem can be corrected by upgrading your system to the\n following package versions:\n\nUbuntu 6.06 LTS:\n gs-esp 8.15.2.dfsg.0ubuntu1-0ubuntu1.2\n gs-gpl 8.15-4ubuntu3.3\n\nUbuntu 8.04 LTS:\n libgs8 8.61.dfsg.1-1ubuntu3.2\n\nUbuntu 8.10:\n libgs8 8.63.dfsg.1-0ubuntu6.4\n\nIn general, a standard system upgrade is sufficient to effect the\nnecessary changes.\n\nhttps://secure1.securityspace.com/smysecure/catid.html?in=USN-757-1\";\n\ntag_insight = \"It was discovered that Ghostscript contained a buffer underflow in its\nCCITTFax decoding filter. 
If a user or automated system were tricked into\nopening a crafted PDF file, an attacker could cause a denial of service or\nexecute arbitrary code with privileges of the user invoking the program.\n(CVE-2007-6725)\n\nIt was discovered that Ghostscript contained a buffer overflow in the\nBaseFont writer module. If a user or automated system were tricked into\nopening a crafted Postscript file, an attacker could cause a denial of\nservice or execute arbitrary code with privileges of the user invoking the\nprogram. (CVE-2008-6679)\n\nIt was discovered that Ghostscript contained additional integer overflows\nin its ICC color management library. If a user or automated system were\ntricked into opening a crafted Postscript or PDF file, an attacker could\ncause a denial of service or execute arbitrary code with privileges of the\nuser invoking the program. (CVE-2009-0792)\n\nAlin Rad Pop discovered that Ghostscript contained a buffer overflow in the\njbig2dec library. If a user or automated system were tricked into opening a\ncrafted PDF file, an attacker could cause a denial of service or execute\narbitrary code with privileges of the user invoking the program.\n(CVE-2009-0196)\n\nUSN-743-1 provided updated ghostscript and gs-gpl packages to fix two\nsecurity vulnerabilities. This update corrects the same vulnerabilities in\nthe gs-esp package.\n\nOriginal advisory details:\n It was discovered that Ghostscript contained multiple integer overflows in\n its ICC color management library. If a user or automated system were\n tricked into opening a crafted Postscript file, an attacker could cause a\n denial of service or execute arbitrary code with privileges of the user\n invoking the program. (CVE-2009-0583)\n\n It was discovered that Ghostscript did not properly perform bounds\n checking in its ICC color management library. 
If a user or automated\n system were tricked into opening a crafted Postscript file, an attacker\n could cause a denial of service or execute arbitrary code with privileges\n of the user invoking the program. (CVE-2009-0584)\";\ntag_summary = \"The remote host is missing an update to gs-gpl\nannounced via advisory USN-757-1.\";\n\n \n\n\nif(description)\n{\n script_id(63856);\n script_version(\"$Revision: 7969 $\");\n script_tag(name:\"last_modification\", value:\"$Date: 2017-12-01 10:23:16 +0100 (Fri, 01 Dec 2017) $\");\n script_tag(name:\"creation_date\", value:\"2009-04-20 23:45:17 +0200 (Mon, 20 Apr 2009)\");\n script_cve_id(\"CVE-2008-5259\", \"CVE-2009-0584\", \"CVE-2009-0583\", \"CVE-2009-1012\", \"CVE-2007-6725\", \"CVE-2009-1016\", \"CVE-2009-1185\", \"CVE-2009-0796\", \"CVE-2009-0792\", \"CVE-2009-0196\", \"CVE-2008-6679\", \"CVE-2009-1186\");\n script_tag(name:\"cvss_base\", value:\"10.0\");\n script_tag(name:\"cvss_base_vector\", value:\"AV:N/AC:L/Au:N/C:C/I:C/A:C\");\n script_name(\"Ubuntu USN-757-1 (gs-gpl)\");\n\n\n\n script_category(ACT_GATHER_INFO);\n script_xref(name: \"URL\" , value: \"http://www.ubuntu.com/usn/usn-757-1/\");\n\n script_copyright(\"Copyright (c) 2009 E-Soft Inc. 
http://www.securityspace.com\");\n script_family(\"Ubuntu Local Security Checks\");\n script_dependencies(\"gather-package-list.nasl\");\n script_mandatory_keys(\"ssh/login/ubuntu_linux\", \"ssh/login/packages\");\n script_tag(name : \"insight\" , value : tag_insight);\n script_tag(name : \"summary\" , value : tag_summary);\n script_tag(name : \"solution\" , value : tag_solution);\n script_tag(name:\"qod_type\", value:\"package\");\n script_tag(name:\"solution_type\", value:\"VendorFix\");\n exit(0);\n}\n\n#\n# The script code starts here\n#\n\ninclude(\"pkg-lib-deb.inc\");\n\nres = \"\";\nreport = \"\";\nif ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.15-4ubuntu3.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp\", ver:\"8.15.2.dfsg.0ubuntu1-0ubuntu1.2\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.15-4ubuntu3.3\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-doc\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-esp-dev\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-aladdin\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-common\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp-x\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) 
{\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-x\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-dev\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs8\", ver:\"8.61.dfsg.1-1ubuntu3.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-doc\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-common\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-gpl\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-esp-dev\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-aladdin\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp-x\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"gs-esp\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript-x\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"ghostscript\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs-dev\", ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libgs8\", 
ver:\"8.63.dfsg.1-0ubuntu6.4\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"079-0ubuntu35.1\", rls:\"UBUNTU6.06 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id-dev\", ver:\"113-0ubuntu17.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id0\", ver:\"113-0ubuntu17.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"113-0ubuntu17.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"volumeid\", ver:\"113-0ubuntu17.2\", rls:\"UBUNTU7.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id-dev\", ver:\"117-8ubuntu0.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id0\", ver:\"117-8ubuntu0.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"117-8ubuntu0.2\", rls:\"UBUNTU8.04 LTS\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id-dev\", ver:\"124-9ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"libvolume-id0\", ver:\"124-9ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\nif ((res = isdpkgvuln(pkg:\"udev\", ver:\"124-9ubuntu0.2\", rls:\"UBUNTU8.10\")) != NULL) {\n report += res;\n}\n\nif (report != \"\") {\n security_message(data:report);\n} else if (__pkg_match) {\n exit(99); # Not vulnerable.\n}\n", "cvss": {"score": 10.0, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "securityvulns": [{"lastseen": "2018-08-31T11:09:32", "bulletinFamily": "software", "cvelist": ["CVE-2008-5259"], "description": "Integer overflow on video stream chunk parsing leads to buffer overflow.", "edition": 1, "modified": "2009-04-17T00:00:00", "published": "2009-04-17T00:00:00", "id": "SECURITYVULNS:VULN:9849", "href": 
"https://vulners.com/securityvulns/SECURITYVULNS:VULN:9849", "title": "DivX WebPlayer buffer overflow", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}, {"lastseen": "2018-08-31T11:10:30", "bulletinFamily": "software", "cvelist": ["CVE-2008-5259"], "description": "====================================================================== \r\n\r\n Secunia Research 15/04/2009\r\n\r\n - DivX Web Player Stream Format Chunk Buffer Overflow -\r\n\r\n====================================================================== \r\nTable of Contents\r\n\r\nAffected Software....................................................1\r\nSeverity.............................................................2\r\nVendor's Description of Software.....................................3\r\nDescription of Vulnerability.........................................4\r\nSolution.............................................................5\r\nTime Table...........................................................6\r\nCredits..............................................................7\r\nReferences...........................................................8\r\nAbout Secunia........................................................9\r\nVerification........................................................10\r\n\r\n====================================================================== \r\n1) Affected Software \r\n\r\n* DivX Web Player version 1.4.2.7\r\n\r\nNOTE: Other versions may also be affected.\r\n\r\n====================================================================== \r\n2) Severity \r\n\r\nRating: Highly critical \r\nImpact: System access\r\nWhere: Remote\r\n\r\n====================================================================== \r\n3) Vendor's Description of Software \r\n\r\n"DivX Web Player lets you play up to HD-quality DivX\u00ae video in your \r\nweb browser. 
You can also use DivX Web Player to easily embed DivX \r\nvideos onto your website or blog."\r\n\r\nProduct Link:\r\nhttp://www.divx.com/en/web-player-windows\r\n\r\n====================================================================== \r\n4) Description of Vulnerability\r\n\r\nSecunia Research has discovered a vulnerability in DivX Web Player, \r\nwhich can be exploited by malicious people to compromise a user's \r\nsystem.\r\n\r\nThe vulnerability is caused due to a signedness error in the \r\nprocessing of "STRF" (Stream Format) chunks. This can be exploited to\r\ncause a heap-based buffer overflow via a specially crafted DivX file.\r\n\r\nSuccessful exploitation may allow execution of arbitrary code by \r\ntricking a user into visiting a malicious website.\r\n\r\n====================================================================== \r\n5) Solution \r\n\r\nUpdate to version 1.4.3.4, included in an updated DivX bundle.\r\n\r\n====================================================================== \r\n6) Time Table \r\n\r\n17/12/2008 - Vendor notified.\r\n18/12/2008 - Vendor response.\r\n11/03/2009 - DivX Web Player 1.4.3 released in a bundle update.\r\n15/04/2009 - Public disclosure.\r\n\r\n====================================================================== \r\n7) Credits \r\n\r\nDiscovered by Alin Rad Pop, Secunia Research.\r\n\r\n====================================================================== \r\n8) References\r\n\r\nThe Common Vulnerabilities and Exposures (CVE) project has assigned\r\nCVE-2008-5259 for the vulnerability.\r\n\r\n====================================================================== \r\n9) About Secunia\r\n\r\nSecunia offers vulnerability management solutions to corporate\r\ncustomers with verified and reliable vulnerability intelligence\r\nrelevant to their specific system configuration:\r\n\r\nhttp://secunia.com/advisories/business_solutions/\r\n\r\nSecunia also provides a publicly accessible and comprehensive advisory\r\ndatabase 
as a service to the security community and private \r\nindividuals, who are interested in or concerned about IT-security.\r\n\r\nhttp://secunia.com/advisories/\r\n\r\nSecunia believes that it is important to support the community and to\r\ndo active vulnerability research in order to aid improving the \r\nsecurity and reliability of software in general:\r\n\r\nhttp://secunia.com/secunia_research/\r\n\r\nSecunia regularly hires new skilled team members. Check the URL below\r\nto see currently vacant positions:\r\n\r\nhttp://secunia.com/corporate/jobs/\r\n\r\nSecunia offers a FREE mailing list called Secunia Security Advisories:\r\n\r\nhttp://secunia.com/advisories/mailing_lists/\r\n\r\n====================================================================== \r\n10) Verification \r\n\r\nPlease verify this advisory by visiting the Secunia website:\r\nhttp://secunia.com/secunia_research/2008-57/\r\n\r\nComplete list of vulnerability reports published by Secunia Research:\r\nhttp://secunia.com/secunia_research/\r\n\r\n======================================================================", "edition": 1, "modified": "2009-04-17T00:00:00", "published": "2009-04-17T00:00:00", "id": "SECURITYVULNS:DOC:21684", "href": "https://vulners.com/securityvulns/SECURITYVULNS:DOC:21684", "title": "Secunia Research: DivX Web Player Stream Format Chunk Buffer Overflow", "type": "securityvulns", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}}], "seebug": [{"lastseen": "2017-11-19T18:53:22", "description": "BUGTRAQ ID: 34523\r\nCVE(CAN) ID: CVE-2008-5259\r\n\r\nDivX Web Player\u662f\u4e00\u4e2a\u6d4f\u89c8\u5668\u63d2\u4ef6\uff0c\u5141\u8bb8\u5728\u6d4f\u89c8\u5668\u4e2d\u76f4\u63a5\u64ad\u653e\u5728\u7ebfDivX\u89c6\u9891\u3002\r\n\r\nDivX Web Player\u5728\u89e3\u6790DivX\u5a92\u4f53\u6587\u4ef6\u4e2d\u7684STRF\uff08Stream 
Format\uff09\u5757\u65f6\u5b58\u5728\u7b26\u53f7\u9519\u8bef\uff0c\u5982\u679c\u7528\u6237\u53d7\u9a97\u8bbf\u95ee\u4e86\u6076\u610f\u7f51\u7ad9\u5e76\u64ad\u653e\u4e86\u7578\u5f62\u7684\u5a92\u4f53\u6587\u4ef6\u7684\u8bdd\uff0c\u5c31\u53ef\u4ee5\u89e6\u53d1\u5806\u6ea2\u51fa\uff0c\u5bfc\u81f4\u6267\u884c\u4efb\u610f\u4ee3\u7801\u3002\n\nDivX Web Player 1.4.2.7\n DivX\r\n----\r\n\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\n\r\n<a href=http://www.divx.com/ target=_blank rel=external nofollow>http://www.divx.com/</a>", "published": "2009-04-16T00:00:00", "title": "DivX Web Player STRF\u5757\u5904\u7406\u5806\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5259"], "modified": "2009-04-16T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-5061", "id": "SSV:5061", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}, {"lastseen": "2017-11-19T18:52:45", "description": "BUGTRAQ ID: 34523\r\nCVE ID\uff1aCVE-2008-5259\r\nCNCVE ID\uff1aCNCVE-20085259\r\n\r\nDivX Web Player\u7528\u4e8e\u5728\u7ebf\u64ad\u653eDivX\u89c6\u9891\u7684\u5e94\u7528\u7a0b\u5e8f\u3002\r\nDivX Web Player\u5904\u7406"STRF" (Stream Format)\u5757\u5b58\u5728\u9519\u8bef\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u4ee5\u5e94\u7528\u7a0b\u5e8f\u5b89\u5168\u4e0a\u4e0b\u6587\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\r\n\u901a\u8fc7\u63d0\u4ea4\u7279\u6b8a\u6784\u5efa\u7684DivX\u6587\u4ef6\uff0c\u8bf1\u4f7f\u7528\u6237\u8bbf\u95ee\uff0c\u53ef\u5bfc\u81f4\u5904\u7406"STRF" (Stream 
Format)\u5757\u65f6\u5b58\u5728\u7b26\u53f7\u9519\u8bef\u800c\u89e6\u53d1\u57fa\u4e8e\u5806\u7684\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u53ef\u80fd\u4ee5\u5e94\u7528\u7a0b\u5e8f\u6743\u9650\u6267\u884c\u4efb\u610f\u6307\u4ee4\u3002\n\nDivX Inc. DivX Web Player 1.4.2\n \u5347\u7ea7\u5230DivX Web Player 1.4.3.4\uff1a\r\n<a href=http://www.divx.com/divx/webplayer/ target=_blank rel=external nofollow>http://www.divx.com/divx/webplayer/</a>", "published": "2009-04-21T00:00:00", "title": "DivX Web Player 'STRF'\u5757\u5904\u7406\u8fdc\u7a0b\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "type": "seebug", "bulletinFamily": "exploit", "cvelist": ["CVE-2008-5259"], "modified": "2009-04-21T00:00:00", "href": "https://www.seebug.org/vuldb/ssvid-5074", "id": "SSV:5074", "sourceData": "", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "sourceHref": ""}], "nessus": [{"lastseen": "2021-02-01T02:03:26", "description": "DivX Web Player, which allows for playing HD-quality DivX video in a\nweb browser, is installed on the remote host.\n\nThe installed version contains a heap-based buffer overflow that is\ntriggered when processing 'STRF' (Stream Format) chunks. 
Using a\nspecially crafted DivX file, an attacker may be able to leverage this\nissue to execute arbitrary code on the host subject to the user's\nprivileges.", "edition": 25, "published": "2009-04-17T00:00:00", "title": "DivX Web Player < 1.4.3.4 Stream Format Chunk Buffer Overflow", "type": "nessus", "bulletinFamily": "scanner", "cvelist": ["CVE-2008-5259"], "modified": "2021-02-02T00:00:00", "cpe": [], "id": "DIVX_WEB_PLAYER_1_4_3_4.NASL", "href": "https://www.tenable.com/plugins/nessus/36185", "sourceData": "#\n# (C) Tenable Network Security, Inc.\n#\n\n\ninclude(\"compat.inc\");\n\n\nif (description)\n{\n script_id(36185);\n script_version(\"1.10\");\n script_cvs_date(\"Date: 2018/11/15 20:50:26\");\n\n script_cve_id(\"CVE-2008-5259\");\n script_bugtraq_id(34523);\n script_xref(name:\"Secunia\", value:\"33196\");\n\n script_name(english:\"DivX Web Player < 1.4.3.4 Stream Format Chunk Buffer Overflow\");\n script_summary(english:\"Checks version of npdivx32.dll\");\n\n script_set_attribute(attribute:\"synopsis\", value:\n\"The remote Windows host contains a media player that is susceptible to\na buffer overflow attack.\");\n script_set_attribute(attribute:\"description\", value:\n\"DivX Web Player, which allows for playing HD-quality DivX video in a\nweb browser, is installed on the remote host.\n\nThe installed version contains a heap-based buffer overflow that is\ntriggered when processing 'STRF' (Stream Format) chunks. 
Using a\nspecially crafted DivX file, an attacker may be able to leverage this\nissue to execute arbitrary code on the host subject to the user's\nprivileges.\");\n script_set_attribute(attribute:\"see_also\", value:\"https://secuniaresearch.flexerasoftware.com/secunia_research/2008-57/\");\n script_set_attribute(attribute:\"solution\", value:\n\"Upgrade to DivX Web Player 1.4.3.4 or later in an updated DivX bundle\nas that reportedly addresses the issue.\");\n script_set_cvss_base_vector(\"CVSS2#AV:N/AC:M/Au:N/C:C/I:C/A:C\");\n script_set_cvss_temporal_vector(\"CVSS2#E:U/RL:OF/RC:C\");\n script_set_attribute(attribute:\"exploitability_ease\", value:\"No known exploits are available\");\n script_set_attribute(attribute:\"exploit_available\", value:\"false\");\n script_cwe_id(189);\n\n script_set_attribute(attribute:\"plugin_publication_date\", value:\"2009/04/17\");\n\n script_set_attribute(attribute:\"plugin_type\", value:\"local\");\n script_end_attributes();\n\n script_category(ACT_GATHER_INFO);\n script_family(english:\"Windows\");\n\n script_copyright(english:\"This script is Copyright (C) 2009-2018 Tenable Network Security, Inc.\");\n\n script_dependencies(\"smb_hotfixes.nasl\");\n script_require_keys(\"SMB/Registry/Enumerated\");\n script_require_ports(139, 445);\n\n exit(0);\n}\n\n\ninclude(\"smb_func.inc\");\ninclude(\"smb_hotfixes.inc\");\ninclude(\"audit.inc\");\n\nif (!get_kb_item(\"SMB/Registry/Enumerated\")) exit(0);\n\n\nfunction mk_unicode(str)\n{\n local_var i, l, null, res;\n\n l = strlen(str);\n null = '\\x00';\n res = \"\";\n\n for (i=0; i<l; i++)\n res += str[i] + null;\n\n return res;\n}\n\n\n# Detect where it's installed.\n#\n# nb: don't exit if a key isn't found -- we'll check another location later.\nlist = get_kb_list(\"SMB/Registry/HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Uninstall/*/DisplayName\");\nif (isnull(list)) exit(0);\nkey = NULL;\nforeach name (keys(list))\n{\n prod = list[name];\n if (prod && prod =~ \"^DivX Web 
Player\")\n {\n key = ereg_replace(pattern:\"^SMB\\/Registry\\/HKLM\\/(.+)\\/DisplayName$\", replace:\"\\1\", string:name);\n key = str_replace(find:\"/\", replace:\"\\\", string:key);\n break;\n }\n}\n\n\n# Connect to the appropriate share.\nport = kb_smb_transport();\nlogin = kb_smb_login();\npass = kb_smb_password();\ndomain = kb_smb_domain();\n\nif(!smb_session_init()) audit(AUDIT_FN_FAIL, 'smb_session_init');\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:\"IPC$\");\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\n\n# Connect to remote registry.\nhklm = RegConnectRegistry(hkey:HKEY_LOCAL_MACHINE);\nif (isnull(hklm))\n{\n NetUseDel();\n exit(0);\n}\n\n\n# Find the agent's location.\npath = NULL;\n\nif (!isnull(key))\n{\n key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\n if (!isnull(key_h))\n {\n item = RegQueryValue(handle:key_h, item:\"InstallLocation\");\n if (!isnull(item))\n {\n path = item[1];\n path = ereg_replace(pattern:\"^(.+)\\\\$\", replace:\"\\1\", string:path);\n }\n\n RegCloseKey(handle:key_h);\n }\n}\nif (isnull(path))\n{\n key = \"SOFTWARE\\DivXNetworks\\DivXBrowserPlugin\";\n key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\n if (!isnull(key_h))\n {\n item = RegQueryValue(handle:key_h, item:\"SkinPath\");\n if (!isnull(item))\n {\n path = item[1];\n path = ereg_replace(pattern:\"^(.+)\\\\[^\\\\]+$\", replace:\"\\1\", string:path);\n }\n\n RegCloseKey(handle:key_h);\n }\n}\nif (isnull(path))\n{\n key = \"SOFTWARE\\MozillaPlugins\\@divx.com/DivX Browser Plugin,version=1.0.0\";\n key_h = RegOpenKey(handle:hklm, key:key, mode:MAXIMUM_ALLOWED);\n if (!isnull(key_h))\n {\n item = RegQueryValue(handle:key_h, item:\"Path\");\n if (!isnull(item))\n {\n path = item[1];\n path = ereg_replace(pattern:\"^(.+)\\\\[^\\\\]+\\.dll$\", replace:\"\\1\", string:path);\n }\n\n RegCloseKey(handle:key_h);\n }\n}\nRegCloseKey(handle:hklm);\nif (isnull(path))\n{\n NetUseDel();\n exit(0);\n}\n\n\n# Grab the version from 
npdivx32.dll\nshare = ereg_replace(pattern:\"^([A-Za-z]):.*\", replace:\"\\1$\", string:path);\ndll = ereg_replace(pattern:\"^[A-Za-z]:(.*)\", replace:\"\\1\\npdivx32.dll\", string:path);\nNetUseDel(close:FALSE);\n\nrc = NetUseAdd(login:login, password:pass, domain:domain, share:share);\nif (rc != 1)\n{\n NetUseDel();\n exit(0);\n}\n\nfh = CreateFile(\n file:dll,\n desired_access:GENERIC_READ,\n file_attributes:FILE_ATTRIBUTE_NORMAL,\n share_mode:FILE_SHARE_READ,\n create_disposition:OPEN_EXISTING\n);\n\nversion = NULL;\nif (!isnull(fh))\n{\n fsize = GetFileSize(handle:fh);\n if (fsize < 90000) off = 0;\n else off = fsize - 90000;\n\n vs_version_info = mk_unicode(str:\"VS_VERSION_INFO\");\n while (fsize > 0 && off <= fsize)\n {\n data = ReadFile(handle:fh, length:16384, offset:off);\n if (strlen(data) == 0) break;\n\n i = stridx(data, vs_version_info);\n if (i >= 0)\n {\n off += i;\n table = ReadFile(handle:fh, length:1024, offset:off);\n\n fileversion = mk_unicode(str:\"FileVersion\");\n if (fileversion >< table)\n {\n i = stridx(table, fileversion) + strlen(fileversion);\n while (i<strlen(table) && !ord(table[i])) i++;\n while (i<strlen(table) && ord(table[i]))\n {\n version += table[i];\n i += 2;\n }\n version = str_replace(find:\" \", replace:\"\", string:version);\n version = str_replace(find:\",\", replace:\".\", string:version);\n }\n break;\n }\n else off += 16383;\n }\n\n CloseFile(handle:fh);\n}\nNetUseDel();\n\n\n# Check the version number.\nif (!isnull(version))\n{\n ver = split(version, sep:'.', keep:FALSE);\n for (i=0; i<max_index(ver); i++)\n ver[i] = int(ver[i]);\n\n fix = split(\"1.4.3.4\", sep:'.', keep:FALSE);\n for (i=0; i<max_index(fix); i++)\n fix[i] = int(fix[i]);\n\n for (i=0; i<max_index(ver); i++)\n if ((ver[i] < fix[i]))\n {\n if (report_verbosity > 0)\n {\n report = string(\n \"\\n\",\n \"Nessus collected the following information about the remote DivX Web\\n\",\n \"Player installation :\\n\",\n \"\\n\",\n \" Version : \", version, 
\"\\n\",\n \" Path : \", path, \"\\n\"\n );\n security_hole(port:port, extra:report);\n }\n else security_hole(port);\n break;\n }\n else if (ver[i] > fix[i])\n break;\n}\n", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}}]}