Bugtraq mailing list archives

Re: Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability

From: "Michal Bucko (hackpl)" <sapheal () hack pl>
Date: Wed, 16 May 2007 17:53:34 +0200

Dear 3APA3A,

In my opinion, You are only partially right. It is true that not all
of the bugs are security-related ones. It is, however, untrue that
the problem iself is only limited to media file playing refusal as
it leads to a crash. I don't see much security impact, too.
According to SecurityFocus (BID: 23991),
"[..] Media Player Classic is prone to a denial-of-service vulnerability
when processing a malformed MPA file. A remote attacker can
exploit this issue to crash the affected application, denying service
to legitimate users.[..]"

The issue is definetely not a conversation piece, I agree ;-)

Michal

----- Original Message -----From: "3APA3A" <3APA3A () SECURITY NNOV RU>

To: "Michal Bucko (hackpl)" <sapheal () hack pl>
Cc: <bugtraq () securityfocus com>
Sent: Wednesday, May 16, 2007 5:31 PM

Subject: Re: Media Player Classic .MPA Div-By-Zero Denial of ServiceVulnerability

Dear Michal Bucko (hackpl),

DoS  against  e.g. Internet Explorer may be treated as a vulnerability,
because  all  windows  are  closed  and  user  can  loose  some  useful
information.  This is very low impact, but it is. In this case I see no
impact at all. Resource consumption during dump file creation?

Universal DoS against any media player:

1. Create new file in notepad
2. Type "Na!"
3. Save file as exploit.mp3
4. Open file in any media player.
5. Media player fails to play.

Is it vulnerability? Guys, not any application bug is security one.

--Tuesday, May 15, 2007, 1:49:54 AM, you wrote tobugtraq () securityfocus com:

MBh> Media Player Classic fails to handle MPA-extension media files. Whenempty

MBh> file provided Media Player
MBh> Classic fails to properly parse MPA file format.

MBh> 00634DD1 |. 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+18]
MBh> 00634DD5 |. 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14]
MBh> 00634DD9 |. 33D2 XOR EDX,EDX
MBh> 00634DDB |. F7F1 DIV ECX

MBh> ECX 00000000


--
~/ZARAZA http://securityvulns.com/

Current thread:

Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability Michal Bucko (hackpl) (May 15)
- Re: Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability 3APA3A (May 16)
  - Re: Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability Michal Bucko (hackpl) (May 16)