Vulners
Lucene search
BS.Player v2.51 build 1022 (Media Library) Remote Buffer Overflow Vulnerability
| Reporter | Title | Published | Views | Family All 7 |
|---|---|---|---|---|
 | CVE-2010-2009 | 21 May 201017:30 | – | attackerkb |
 | CVE-2010-2009 | 21 May 201017:00 | – | cve |
 | CVE-2010-2009 | 21 May 201017:00 | – | cvelist |
 | CVE-2010-2009 | 21 May 201017:30 | – | nvd |
 | BS.Player '.bsl' File Buffer Overflow Vulnerabilities | 25 May 201000:00 | – | openvas |
 | Stack overflow | 21 May 201017:30 | – | prion |
 | CVE-2010-2009 | 22 May 202512:30 | – | redhatcve |
<html><body><p>BS.Player v2.51 build 1022 (Media Library) Remote Buffer Overflow Vulnerability
Advisory: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4932.php
Summary: Ever since the very beginning in the year 2000, the BS.Player� has been one of
the world's most popular video players. It is popular for many reasons. One however
should be pointed out: BS.Player� is the first software movie player ever to enable
its users to focus on watching the movie instead of dealing with poor computer
capabilities or running around looking for a proper setting and codec. Also, it has
very low CPU and RAM requirements.
Desc: BS.Player and its feature Media Library is prone to a buffer overflow vulnerability because
it fails to adequatly sanitize boundry check when processing mp3 file and its metadata. When
you load the evil .mp3 file in the Media Library > Audio launched from bsplayer the application
crashes instantly giving us info that ECX and EIP got overwritten enabling the attacker to gain
full access to the application's memory and execute arbitrary code.
Tested on Microsoft Windwos XP Professional SP3 (EN)
Version tested: 2.41 build 1003 and 2.51 build 1022
Product web page: http:/www.bsplayer.org | http://www.bsplayer.com
Vendor: Webteh d.o.o.
Vuln found: 27.02.2010
====================================================================================================
(edc.ac8): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000000 ebx=00000000 ecx=41414141 edx=7c9032bc esi=00000000 edi=00000000
eip=41414141 esp=0012d250 ebp=0012d270 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210246
*** WARNING: Unable to verify checksum for C:\Program Files\Webteh\BSplayer\bsplayer.exe
*** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\Webteh\BSplayer\bsplayer.exe
bsplayer+0x10041:
41414141 00b001e97402 add byte ptr <unloaded_32.dll>+0x274e900 (0274e901)[eax],dh ds:0023:0274e901=??
====================================================================================================
Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
liquidworm gmail com
Zero Science Lab - http://www.zeroscience.mk
PoC:
http://zeroscience.mk/codes/aimp2_evil.mp3
[mirror] http://milw0rm.com/sploits/2009-aimp2_evil.mp3
[mirror] http://securityreason.com/download/11/13
//EOF</unloaded_32.dll></p></body></html>Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
05 Mar 2010 00:00Current
6.3Medium risk
Vulners AI Score6.3
CVSS 29.3
EPSS0.12608