Zoom Player versions 6.00 beta 2 and below suffer from a unicode related buffer overflow vulnerability.
61e8eb89fa9b401f3e0c9496b07ea14ca0ed1b6ebecb10d3e1cc3ae4396fecf5
#######################################################################
Luigi Auriemma
Application: Zoom Player
http://www.inmatrix.com
Versions: <= v6.00 beta 2 and naturally all the stable v5 versions
Platforms: Windows
Bug: unicode buffer-overflow
Exploitation: local
Date: 24 Dec 2007
Author: Luigi Auriemma
e-mail: aluigi@autistici.org
web: aluigi.org
#######################################################################
1) Introduction
2) Bug
3) The Code
4) Fix
#######################################################################
===============
1) Introduction
===============
Zoom Player is a media player for Windows which supports many formats
through external filters.
#######################################################################
======
2) Bug
======
Zoom Player is affected by an unicode buffer-overflow in the function
which builds the error messages.
The problem can be exploited for example through a malformed ZPL file
containing a http link to a file with PLS extension which will force
the program to use wsprintf for building the "Unable to play [%s]"
error message.
#######################################################################
===========
3) The Code
===========
http://aluigi.org/poc/zoomprayer.zpl
#######################################################################
======
4) Fix
======
The next beta will contain the fix.
#######################################################################
---
Luigi Auriemma
http://aluigi.org
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed