1337day-Exploits Posted November 30, 2012 Share Posted November 30, 2012 PacketStorm-Security Acaba de publicar lo siguiente: This is the hidden content, please Sign In or Sign Up ;) This Metasploit module exploits a vulnerability found in BlazeVideo HDTV Player's filename handling routine. When supplying a string of input data embedded in a .plf file, the MediaPlayerCtrl.dll component will try to extract a filename by using PathFindFileNameA(), and then copies whatever the return value is on the stack by using an inline strcpy. As a result, if this input data is long enough, it can cause a stack-based buffer overflow, which may lead to arbitrary code execution under the context of the user. 11-30-2012 05:29 PM Link to comment Share on other sites More sharing options...
Recommended Posts