Mu Finds Vulnerabilities in MPlayer

SUNNYVALE, Calif. -- Mu Security, a pioneer in the new security analyzer market, has discovered and helped remediate Multiple Remote Arbitrary Execution Vulnerabilities in MPlayer. http://labs.musecurity.com/advisories.html

Affected Products/Versions: MPlayer 1.0rc2 and SVN before r25824 (Sun Jan 20 20:58:02 2008 UTC). Older versions are probably affected, but they were not checked.

Product Overview: MPlayer is a movie player which runs on many systems (see the documentation). It plays most MPEG/VOB, AVI, Ogg/OGM, VIVO, ASF/WMA/WMV, QT/MOV/MP4, RealMedia, Matroska, NUT, NuppelVideo, FLI, YUV4MPEG, FILM, RoQ, PVA files, supported by many native, XAnim, and Win32 DLL codecs. You can watch VideoCD, SVCD, DVD, 3ivx, DivX 3/4/5 and even WMV movies.http://www.mplayerhq.hu

Vulnerability Details

URL IPv6 Address Parsing Remote Heap Overflow: A heap overflow condition exists in the parsing of IPv6 addresses, allowing for arbitrary code execution.CDDB Remote Stack Overflow: A remote attacker may execute arbitrary code on a client machine by causing a specially crafted CDDB response to be sent to the client.

Vendor Response/Solution: Fixed in MPlayer SVN on Sun Jan 20 20:43:46 2008 UTC.

Credit: This vulnerability was discovered by Adam Bozanich of the Mu Security research team. http://labs.musecurity.com/pgpkey.txt

Mu Security Inc.