Network Security: Detailed info on Re: TotalPlayer 3.0 .m3u crash

Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.

Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.

Network Security Vuln-Dev

Subject:	Re: TotalPlayer 3.0 .m3u crash
Date:	Thu, 27 Dec 2007 11:27:11 +0100

Subject:

Re: TotalPlayer 3.0 .m3u crash

Date:

Thu, 27 Dec 2007 11:27:11 +0100

Total Player in reality is the recompiling of the CoolPlayer source code available on the official website http://coolplayer.sf.net with the "CoolPlayer" string substituited by "Total Player" (but with the same skin, that's why it shows the CoolPlayer name). Other than being in full GPL violation its installer contains a spyware too (totalplayer.exe "seems" safe). And yes, also CoolPlayer 217 is vulnerable to this stack buffer-overflow vulnerability. The problem is visible in the CPL_AddPrefixedFile function in CPI_Playlist.c, memcpy + strcpy on cFullPath which is 260 bytes long. --- Luigi Auriemma http://aluigi.org

<Prev in Thread]	Current Thread	[Next in Thread>
TotalPlayer 3.0 .m3u crash, david130490 Re: TotalPlayer 3.0 .m3u crash, Luigi Auriemma <= Re: TotalPlayer 3.0 .m3u crash, Luigi Auriemma Re: Re: TotalPlayer 3.0 .m3u crash, david130490 Re: Re: Re: TotalPlayer 3.0 .m3u crash, david130490

<Prev in Thread]

Current Thread

[Next in Thread>

Previous by Date:	IPortalX Forums Cross-Site Scripting Vulnerability, DoZ
Next by Date:	Latest round of web hacking incidents for 2007 & Project news, Ofer Shezaf
Previous by Thread:	TotalPlayer 3.0 .m3u crash, david130490
Next by Thread:	Re: TotalPlayer 3.0 .m3u crash, Luigi Auriemma
Indexes:	[Date] [Thread] [Top] [All Lists]

Previous by Date:

IPortalX Forums Cross-Site Scripting Vulnerability, DoZ

Next by Date:

Latest round of web hacking incidents for 2007 & Project news, Ofer Shezaf

Previous by Thread:

TotalPlayer 3.0 .m3u crash, david130490

Next by Thread:

Re: TotalPlayer 3.0 .m3u crash, Luigi Auriemma

Indexes:

[Date] [Thread] [Top] [All Lists]