Divx Player vulnerabilities

CVE-2010-5231 [MEDIUM] CVE-2010-5231: Untrusted search path vulnerability in DivX Player 7.2.019 allows local users to gain privileges via Untrusted search path vulnerability in DivX Player 7.2.019 allows local users to gain privileges via a Trojan horse VersionCheckDLL.dll file in the current working directory, as demonstrated by a directory that contains a .avi file. NOTE: the provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2008-1912 [CRITICAL] CWE-119 CVE-2008-1912: Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earlier allows user-assisted remot Stack-based buffer overflow in DivX Player 6.7 build 6.7.0.22 and earlier allows user-assisted remote attackers to cause a denial of service (application crash) or execute arbitrary code via a long subtitle in a .SRT file.

CVE-2008-0090 [MEDIUM] CWE-119 CVE-2008-0090: A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a de A certain ActiveX control in npUpload.dll in DivX Player 6.6.0 allows remote attackers to cause a denial of service (Internet Explorer 7 crash) via a long argument to the SetPassword method.

CVE-2007-0429 [MEDIUM] CVE-2007-0429: DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows DivXBrowserPlugin (aka DivX Web Player) npdivx32.dll, as distributed with DivX Player 6.4.1, allows remote attackers to cause a denial of service (Internet Explorer 7 crash) by invoking the GoWindowed method for a certain instance of the ActiveX object.

CVE-2006-6444 [MEDIUM] CVE-2006-6444: Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and possibly earlier, allows remote Stack-based buffer overflow in Nostra DivX Player 2.1, 2.2.00.0, and possibly earlier, allows remote attackers to execute arbitrary code via a long string in an M3U file. NOTE: The provenance of this information is unknown; the details are obtained solely from third party information.

CVE-2005-0304 [MEDIUM] CVE-2005-0304: Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrit Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename in a ZIP file for a skin.