ffdshow URL link buffer overflow

2009-03-25T00:00:00
ID SAINT:C1C1F2A4EC78FAFEF3334684366E61EE
Type saint
Reporter SAINT Corporation
Modified 2009-03-25T00:00:00

Description

Added: 03/25/2009
CVE: CVE-2008-5381
BID: 32438
OSVDB: 50064

Background

ffdshow tryouts (also known just as ffdshow) is an audio and video decoder for Windows.

Problem

A buffer overflow vulnerability allows command execution when a user opens a media stream with a long, specially crafted URL link.

Resolution

Upgrade to the latest version of ffdshow.

References

<http://archives.neohapsis.com/archives/bugtraq/2008-11/0182.html>

Limitations

Exploit works on ffdshow rev2322 and requires a user to load the exploit page in a web browser.

Platforms

Windows