Multiple integer overflows in Media Player Classic (MPC) 6.4.9.0 and earlier, as used standalone and in mympc (aka CD-Storm) 1.0.0.1, StormPlayer 1.0.4, and possibly other products, allow remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large “indx truck size” and nEntriesInuse values.
CPE | Name | Operator | Version |
---|---|---|---|
media_player_classic | le | 6.4.9.0 | |
cd-storm | eq | 1.0.0.1 | |
stormplayer | eq | 1.0.4 |