[EN] CVE-2009-0385 more details

I contacted Tobias Klein asked for a more details on the proof of concept for the bug described in CVE-2009-0385, his comment was as follows

The vulnerability is 100% exploitable to execute arbitrary code. See http://tk-blog.blogspot.com/2009/01/exploitable-userland-null-pointer.html.

Tobi

As described in his blog, an achievement confirmed the vulnerability and control the EIP in windows and opensuse.

The PoC has not told her anything about him, more than anything you ask about the structure 4xm.

I have also communicated with Mike Melanson who apparently does not speak while the issue of the format of your files cometary 4xm was as follows

 What exactly are you trying to accomplish? I do not have all the details of the format 4xm fresh in my mind. All of my knowledge is written down either in that document, or the FFmpeg demuxer (I also wrote the xine demuxer 4xm).

Searching on this page to find the discussion of vulnerability

http://bugs.xine-project.org/show_bug.cgi?id=205

There he says that xine-lib has a problem similar to that described by Tobias discusses in his blog

http://tk-blog.blogspot.com/2009/02/tkadv2009-004-vs-xine-lib.html

Well I already have in mind the vulnerability CVE-2009-0385 is usable, I hope to understand format complete 4xm order to complete the PoC that truth is very simple

Regards

--
- Anon

Comentarios

Entradas populares de este blog

Clave WPA2 por Defecto de equipos TotalPlay (Huawei HG8245H)

Cable modem Ubee - WPA2 y WPS por defecto