Search...

QuickPlayer '.m3u'文件缓冲区溢出漏洞

2008-07-17T00:00:00

ID SSV:3675
Type seebug
Reporter Root
Modified 2008-07-17T00:00:00

Description

BUGTRAQ ID: 30252 CNCAN ID：CNCAN-2008071702

QuickPlayer是一款媒体播放程序。 QuickPlayer处理'.m3u'文件存在缓冲区溢出，远程攻击者可以利用漏洞对应用程序进行拒绝服务攻击，可能导致任意代码执行。构建包含超长URL的'.m3u'文件，诱使QuickPlayer解析，可触发此漏洞。

M.J.M Quick Player 1.3 目前没有解决方案提供： <a href=http://www.mjm.at.ua/ target=_blank>http://www.mjm.at.ua/</a>

                                        
                                            
                                                #!/usr/bin/python
# QuickPlayer 1.3 [.m3u] url handling DOS
#This python script will generate an bad.m3u file that when 
#imported into QuickPlayer results in a crash.(Playlist-&gt;File-&gt;Load 
List)
#The vulnerability resides in failure to ha

JSON Vulners Source

Initial Source

{"href": "https://www.seebug.org/vuldb/ssvid-3675", "status": "poc,details", "history": [], "bulletinFamily": "exploit", "modified": "2008-07-17T00:00:00", "title": "QuickPlayer '.m3u'\u6587\u4ef6\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e", "cvss": {"vector": "NONE", "score": 0.0}, "sourceHref": "https://www.seebug.org/vuldb/ssvid-3675", "cvelist": [], "description": "BUGTRAQ ID: 30252\r\nCNCAN ID\uff1aCNCAN-2008071702\r\n\r\nQuickPlayer\u662f\u4e00\u6b3e\u5a92\u4f53\u64ad\u653e\u7a0b\u5e8f\u3002\r\nQuickPlayer\u5904\u7406'.m3u'\u6587\u4ef6\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\uff0c\u8fdc\u7a0b\u653b\u51fb\u8005\u53ef\u4ee5\u5229\u7528\u6f0f\u6d1e\u5bf9\u5e94\u7528\u7a0b\u5e8f\u8fdb\u884c\u62d2\u7edd\u670d\u52a1\u653b\u51fb\uff0c\u53ef\u80fd\u5bfc\u81f4\u4efb\u610f\u4ee3\u7801\u6267\u884c\u3002\r\n\u6784\u5efa\u5305\u542b\u8d85\u957fURL\u7684'.m3u'\u6587\u4ef6\uff0c\u8bf1\u4f7fQuickPlayer\u89e3\u6790\uff0c\u53ef\u89e6\u53d1\u6b64\u6f0f\u6d1e\u3002\n\nM.J.M Quick Player 1.3\n \u76ee\u524d\u6ca1\u6709\u89e3\u51b3\u65b9\u6848\u63d0\u4f9b\uff1a\r\n<a href=http://www.mjm.at.ua/ target=_blank>http://www.mjm.at.ua/</a>", "viewCount": 1, "published": "2008-07-17T00:00:00", "sourceData": "\n #!/usr/bin/python\r\n# QuickPlayer 1.3 [.m3u] url handling DOS\r\n#This python script will generate an bad.m3u file that when \r\n#imported into QuickPlayer results in a crash.(Playlist->File->Load \r\nList)\r\n#The vulnerability resides in failure to ha\n ", "id": "SSV:3675", "enchantments_done": [], "_object_type": "robots.models.seebug.SeebugBulletin", "type": "seebug", "lastseen": "2017-11-19T21:34:23", "reporter": "Root", "_object_types": ["robots.models.base.Bulletin", "robots.models.seebug.SeebugBulletin"], "enchantments": {"score": {"value": -0.1, "vector": "NONE", "modified": "2017-11-19T21:34:23"}, "dependencies": {"references": [], "modified": "2017-11-19T21:34:23"}, "vulnersScore": -0.1}, "objectVersion": "1.4", "references": []}