vendor:
DivX Player
by:
milw0rm.com
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: DivX Player
Affected Version From: 6.7.2000
Affected Version To: 6.7.2000
Patch Exists: YES
Related CWE: N/A
CPE: divx_player
Metasploit:
N/A
Other Scripts:
N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References:
N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
DIVX Player <= 6.7.0 Buffer Overflow PoC ( .SRT )
When parsing a subtitle file with an overly long subtitle DIVX player will deadly crash with eip overwritten. A perl script is used to create a .srt file with a payload of 4096 'A's.
Mitigation:
Upgrade to the latest version of DIVX Player