Release Date | May 20, 2008 |
Severity | critical |
Impact | System Compromise: Remote attackers can gain control of vulnerable systems. |
Description | This indicates an attempt to exploit a buffer-overflow vulnerability in DivX Player. This vulnerability is caused by the application's failure to properly check the bounds of user-supplied input, allowing execution of arbitrary code. A remote attacker may be able to exploit this by using an overly long subtitle in a .SRT file. |
Affected Products | DivX Player 6.7 build 6.7.0.22 and earlier. |
Recommended Actions | Do not open untrusted subtitles. |
Coverage | IPS, VCM |
Common Vulnerabilities and Exposures (CVE) | CVE-2008-1912 |
References | http://www.securityfocus.com/bid/28799 (BugTraq); http://www.frsirt.com/english/advisories/2008/1235 (FrSIRT) |