Release date: 2013-10-04
Updated on:
Affected Systems:
PMC-HC Media Player Classic 1.6.7.7114
Description:
--------------------------------------------------------------------------------
Bugtraq id: 62844
CVE (CAN) ID: CVE-2013-3488, CVE-2013-3489
Media Player Classic is a simple Media Player.
Media Player Classic 1.6.7.7114 parses the Transport Stream (M2TS) file in the MPEG-2 and RealMedia ". when the "genr" block in the rm "file has a boundary error and an integer overflow error, this can cause stack buffer overflow and heap buffer overflow, resulting in arbitrary code execution.
<* Source: kaveh ghaemmaghami
Link: http://secunia.com/advisories/53349/
*>
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
PMC-HC
------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
Http://mpc-hc.org/
Http://mpc-hc.org/2013/09/29/1.7.0-released/