Vendor: DivX Player
By: SecurityFocus
CVSS: 8.8 (HIGH)
Type: Directory Traversal
CWE: 22
Product Name: DivX Player
Affected Version From: Not Specified
Affected Version To: Not Specified
Patch Exists: YES
Related CWE: CVE-2005-3106
CPE: o:divx:divx_player
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Not Specified
2005
DivX Player Directory Traversal Vulnerability
DivX Player is prone to a directory traversal vulnerability when DPS ('.dps') archive files are processed. An attacker may exploit this issue to save a script or executable file in an arbitrary location, which may lead to the execution of malicious code when the affected system is restarted. Alternatively, the attacker may overwrite a target file with the privileges of the user who is installing a malicious skin file.
Mitigation:
Users should avoid opening DPS files from untrusted sources.
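The following is an added example, not code from DivX or from the original advisory: a pre-extraction check that lists archive entries whose names would resolve outside the intended install directory under Windows path rules. It assumes, for illustration only, that the archive is a ZIP container (the page does not state the DPS container format); the destination path, function names and sample entries are hypothetical.

```python
import io
import ntpath
import zipfile

# Hypothetical install directory for skins; not taken from the advisory.
DEST = r"C:\Skins\example"

def escapes(name, dest=DEST):
    """True if extracting entry `name` under `dest` would land outside it."""
    # Windows accepts both separators, so normalise before resolving.
    win_name = name.replace("/", "\\")
    # join() discards dest when the entry is rooted or names another drive
    # or UNC share; normpath() then collapses any ".." components.
    target = ntpath.normpath(ntpath.join(dest, win_name)).lower()
    base = ntpath.normpath(dest).lower()
    return not target.startswith(base + "\\")

def audit(archive_bytes, dest=DEST):
    """Return the entry names in a ZIP archive that must not be extracted."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return [n for n in zf.namelist() if escapes(n, dest)]

def build_sample():
    """Constructed test archive: two benign entries, three traversal entries."""
    names = (
        "skin/main.xml",
        "skin/../images/bg.png",   # contains "..", but stays inside dest
        "../../outside.txt",
        "..\\..\\outside2.txt",
        "D:/other/drive.txt",
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, b"constructed sample data")
    return buf.getvalue()

if __name__ == "__main__":
    for bad in audit(build_sample()):
        print("refuse to extract:", bad)
```

The check resolves the final path instead of searching for the string "..", so an entry that uses ".." but stays inside the destination is accepted, while backslash, rooted and other-drive names are rejected.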