[EN] CVE-2009-0385 more details
I contacted Tobias Klein and asked for more details on the proof of concept for the bug described in CVE-2009-0385; his comment was as follows:
The vulnerability is 100% exploitable to execute arbitrary code. See http://tk-blog.blogspot.com/2009/01/exploitable-userland-null-pointer.html.
Tobi
As described in his blog, he managed to confirm the vulnerability and control EIP on Windows and openSUSE.
He has not told me anything about the PoC; mostly I asked him about the 4xm structure.
I have also been in contact with Mike Melanson, who apparently does not say much on the subject of the 4xm file format; his comment was as follows:
What exactly are you trying to accomplish? I do not have all the details of the format 4xm fresh in my mind. All of my knowledge is written down either in that document, or the FFmpeg demuxer (I also wrote the xine demuxer 4xm).
Searching, I found this page with the discussion of the vulnerability:
http://bugs.xine-project.org/show_bug.cgi?id=205
There it says that xine-lib has a problem similar to the one Tobias discusses in his blog:
http://tk-blog.blogspot.com/2009/02/tkadv2009-004-vs-xine-lib.html
Well, I already have in mind that the vulnerability CVE-2009-0385 is usable; I hope to understand the complete 4xm format in order to complete the PoC, which in truth is very simple.
Regards
--
- Anon