Signature Detail
Short Name |
HTTP:STC:DL:MAL-PLF |
|---|---|
Severity |
High |
Recommended |
No |
Recommended Action |
Drop |
Category |
HTTP |
Keywords |
Malformed Play List File (PLF) |
Release Date |
2012/11/30 |
Update Number |
2207 |
Supported Platforms |
idp-4.0+, isg-3.1.134269+, j-series-9.5+, mx-9.4+, srx-9.2+, srx-branch-9.4+, vsrx-12.1+ |
HTTP: Malformed Play List File (PLF)
This signature detects attempts to exploit a known vulnerability in DVD X Player and Aviosoft DTV Player. A successful attack can lead to a buffer overflow and arbitrary remote code execution within the context of the targeted application.
Extended Description
DVD X Player is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer. Successfully exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the affected user. Failed exploit attempts likely result in application crashes. This issue affects DVD X Player 4.1; other versions may also be affected.
Affected Products
- DVD X Studios DVD X Players 4.1
- DVD X Studios DVD X Players 5.5
References
- BugTraq: 69220
- BugTraq: 24278
- BugTraq: 50582
- CVE: CVE-2007-3068
- CVE: CVE-2011-4496
- URL: http://www.kb.cert.org/vuls/id/998403