SAINT Corporation, SAINT:EEBF01DF8C049AA3716E0230EE21FDA5
Mar 25, 2009 - 12:00 a.m.

ffdshow URL link buffer overflow

download.saintcorporation.com

CVSS2: 9.3 High
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS: 0.191 Low
Percentile: 96.3%

Added: 03/25/2009
CVE: CVE-2008-5381
BID: 32438
OSVDB: 50064

Background

ffdshow tryouts (also known just as ffdshow) is an audio and video decoder for Windows.

Problem

A buffer overflow vulnerability allows command execution when a user opens a media stream with a long, specially crafted URL link.

Resolution

Upgrade to the latest version of ffdshow.

References

<http://archives.neohapsis.com/archives/bugtraq/2008-11/0182.html>

Limitations

Exploit works on ffdshow rev2322 and requires a user to load the exploit page in a web browser.

Platforms

Windows
