Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

REWTERZ-20100103 - Ofilter Player Local Denial of Service (DoS) Vulnerability
From: rewterz security team <advisories () rewterz com>
Date: Tue, 5 Jan 2010 20:35:35 +0500

========================================================
Rewterz 05/01/2010

- Ofilter Player Local Denial of Service (DoS) Vulnerability -

1) Affected Software

* Ofilter Player 1.1

NOTE: Other versions may also be affected.


========================================================
2) Severity

Rating: Low
Impact: Denial of Service
Where: Local


========================================================
3) Vendor's Description of Software

"Ofilter Player is an easy-to-use multimedia player. It can play many
kinds of audio and video formats such as mp3, wav, midi, avi, VCD,
mpeg etc.

It supports the powerful playback control: play, pause, stop, step,
skip forward, skip backward. It can display and configure all filters'
properties during the playback of the video."

Product Link:
http://www.008soft.com/products/ofilter-player.htm


========================================================
4) Description of Vulnerability

Rewterz has discovered vulnerability in Ofilter Player. This
vulnerability could lead to Denial of Service with the privileges of
the current process or user and cause application to crash.

This vulnerability exists in the handling of application skin by the
user. We chose not to provide detailed information about the location
of the vulnerability and how to reproduce it because the author hasn't
confirmed this vulnerability. We can pass a long argument into the skin
file. There is no checking of the length of these inputs. Depending on
the input, this will cause DoS condition.

We have confirmed the ability to execute our own code.


========================================================
5) Credits

Discovered by Rehan Ahmed, Rewterz.


========================================================
6) About Rewterz

Rewterz is a boutique Information Security company, committed to
consistently providing world class professional security services.
Our strategy revolves around the need to provide round-the-clock
quality information security services and solutions to our customers.
We maintain this standard through our highly skilled and professional
team, and custom-designed, customer-centric services and products.

http://www.rewterz.com


Complete list of vulnerability advisories published by Rewterz:

http://rewterz.com/securityadvisories.php


========================================================

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


  By Date           By Thread  

Current thread:
  • REWTERZ-20100103 - Ofilter Player Local Denial of Service (DoS) Vulnerability rewterz security team (Jan 05)
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]