CVSS: 9.3EPSS: 97%CPEs: 3EXPL: 4CVE-2010-3138 – Media Player Classic 1.3.2189.0 - 'iacenc.dll' DLL Hijacking
https://notcve.org/view.php?id=CVE-2010-3138
Untrusted search path vulnerability in the Indeo Codec in iac25_32.ax in Microsoft Windows XP SP3 allows local users to gain privileges via a Trojan horse iacenc.dll file in the current working directory, as demonstrated by access through BS.Player or Media Player Classic to a directory that contains a .avi, .mka, .ra, or .ram file, aka "Indeo Codec Insecure Library Loading Vulnerability." NOTE: some of these details are obtained from third party information. Una vulnerabilidad de ruta (path) de búsqueda no confiable en el Códec Indeo en el archivo iac25_32.ax en Microsoft Windows XP SP3, permite a los usuarios locales alcanzar privilegios por medio de un archivo iacenc.dll de tipo caballo de Troya en el directorio de trabajo actual, como es demostrado por el acceso por medio de BS.Player o Media Player Classic a un directorio que contiene un archivo .avi, .mka, .ra o .ram, también se conoce como "Indeo Codec Insecure Library Loading Vulnerability" NOTA: algunos de estos datos se obtienen de información de terceros. • https://www.exploit-db.com/exploits/14765 https://www.exploit-db.com/exploits/14788 http://osvdb.org/67588 http://secunia.com/advisories/41114 http://www.exploit-db.com/exploits/14765 http://www.exploit-db.com/exploits/14788 http://www.us-cert.gov/cas/techalerts/TA12-045A.html http://www.vupen.com/english/advisories/2010/2190 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4956.php https://docs.microsoft.com/en-us/security-updates/securitybulletins/2012/ms12-0 •
CVSS: 9.3EPSS: 2%CPEs: 2EXPL: 2CVE-2010-2009
https://notcve.org/view.php?id=CVE-2010-2009
Stack-based buffer overflow in the media library in BS.Global BS.Player 2.51 build 1022, 2.41 build 1003, and possibly other versions allows user-assisted remote attackers to execute arbitrary code via a long ID3 tag in a .MP3 file. NOTE: some of these details are obtained from third party information. Desbordamiento de búfer basado en pila en la librería multimedia de BS.Global BS.Player v2.51 build 1022, v2.41 build 1003, y posiblemente otras versiones. Permite a atacantes remotos asistidos por el usuario ejecutar código de su elección a través de un etiqueta extensa ID3 en un fichero .MP3. NOTA: algunos de estos detalles han sido obtenidos de información de terceras partes. • http://secunia.com/advisories/38221 http://www.packetstormsecurity.org/1003-advisories/bsplayerml-overflow.txt http://www.securityfocus.com/bid/38568 http://www.zeroscience.mk/en/vulnerabilities/ZSL-2010-4932.php • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 22%CPEs: 1EXPL: 6CVE-2010-2004 – BS.Player 2.51 - Overwrite (SEH)
https://notcve.org/view.php?id=CVE-2010-2004
Stack-based buffer overflow in BS.Global BS.Player 2.51 Build 1022 Free, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via the Skin parameter in the Options section of a skins file (.bsi), a different vulnerability than CVE-2009-1068. Desbordamiento de búffer basado en pila de BS.Global BS.Player v2.51 Build 1022 Free y posiblemente otras versiones, permite a atacantes remotos asistidos por el usuario a través del parámetro Skin en la sección Options de un fichero "skins" (.bsi), vulnerabilidad diferente que CVE-2009-1068. • https://www.exploit-db.com/exploits/11146 https://www.exploit-db.com/exploits/11154 http://secunia.com/advisories/38221 http://www.exploit-db.com/exploits/11154 http://www.mertsarica.com/?p=511 http://www.mertsarica.com/codes/bsplayer_seh_overwrite.py http://www.securityfocus.com/bid/37831 http://www.vupen.com/english/advisories/2010/0148 https://exchange.xforce.ibmcloud.com/vulnerabilities/55708 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 20%CPEs: 1EXPL: 2CVE-2008-6583 – BS.Player 2.27 Build 959 - '.srt' File Buffer Overflow (PoC)
https://notcve.org/view.php?id=CVE-2008-6583
Buffer overflow in BS.player 2.27 build 959 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .SRT file. Desbordamiento de búfer en BS.player v2.27 build 959 permite a atacantes remotos producir una denegación de servicio (caída) y posiblemente ejecutar código de manera arbitraria a través de una cadena larga en un fichero .SRT. • https://www.exploit-db.com/exploits/5455 http://www.securityfocus.com/bid/28811 http://www.vupen.com/english/advisories/2008/1243/references https://exchange.xforce.ibmcloud.com/vulnerabilities/41841 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.3EPSS: 12%CPEs: 2EXPL: 3CVE-2009-1068 – BS.Player 2.34 - '.bsl' Universal Overwrite (SEH)
https://notcve.org/view.php?id=CVE-2009-1068
Stack-based buffer overflow in BS.Player (bsplayer) 2.32 Build 975 Free and 2.34 Build 980 PRO and earlier allows remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long hostname in a .bsl playlist file. Desbordamiento de búfer basado en pila en BS.Player (bsplayer) v2.32 Build 975 Free y v2.34 Build 980 PRO y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída de aplicación) o ejecutar código de su elección a través de un hostname largo en un fichero de lista de reproducción .bsl. • https://www.exploit-db.com/exploits/8251 https://www.exploit-db.com/exploits/8249 http://osvdb.org/52841 http://retrogod.altervista.org/9sg_bsplayer_seh.html http://secunia.com/advisories/34412 http://www.securityfocus.com/archive/1/502016/100/0/threaded http://www.securityfocus.com/bid/34190 http://www.vupen.com/english/advisories/2009/0800 https://exchange.xforce.ibmcloud.com/vulnerabilities/49342 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •