======================================================== Rewterz 05/01/2010 - n.player Local Heap Overflow Vulnerability - 1) Affected Software * n.player 1.12.07 NOTE: Other versions may also be affected. ======================================================== 2) Severity Rating: High Impact: Denial of Service Manipulation of Data Where: Local ======================================================== 3) Vendor's Description of Software "n.player is a versatile media player that plays audio CDs, DVD, WMA, MP3, AVI, DiVX and other media with the preinstalled DirectShow decoder. n.player also supports enhanced features for playing video and audio. n.player includes the high-quality audio equalizer, support for divX subtitles, many functions for video and audio playback and ATI Remote Wonder controller support." Product Link: http://www.softpedia.com/get/Multimedia/Video/Video-Players/nplayer.shtml http://www.samo.cz ======================================================== 4) Description of Vulnerability Rewterz has discovered vulnerability in n.player. This vulnerability could lead to execution of code with the privileges of the current process or user. This vulnerability exists in the handling of application skin selection by the user. We chose not to provide detailed information about the location of the vulnerability and how to reproduce it because the author hasn't confirmed this vulnerability. We can pass a long argument with some commands into a heap. There is no checking of the length of these inputs. Depending on the input, this will cause exploitable condition. We have confirmed the ability to execute our own code. This is a common heap overflow vulnerability and can be exploited easily. ======================================================== 5) Credits Discovered by Rehan Ahmed, Rewterz. ======================================================== 6) About Rewterz Rewterz is a boutique Information Security company, committed to consistently providing world class professional security services. Our strategy revolves around the need to provide round-the-clock quality information security services and solutions to our customers. We maintain this standard through our highly skilled and professional team, and custom-designed, customer-centric services and products. http://www.rewterz.com Complete list of vulnerability advisories published by Rewterz: http://rewterz.com/securityadvisories.php ========================================================