ID CVE-2007-3068
Summary Stack-based buffer overflow in DVD X Player 4.1 Professional allows remote attackers to execute arbitrary code via a PLF playlist containing a long filename.
References
Vulnerable Configurations
  • cpe:2.3:a:dvd_x_studios:dvd_x_player:4.1:-:professional
CVSS
Base: 6.8 (as of 06-06-2007 - 14:30)
Impact:
Exploitability:
Access
Vector: NETWORK
Complexity: MEDIUM
Authentication: NONE
Impact
Confidentiality: PARTIAL
Integrity: PARTIAL
Availability: PARTIAL
exploit-db via4
  • description DVD X Player 4.1 Professional .PLF file Buffer Overflow Exploit. CVE-2007-3068. Local exploit for windows platform
    file exploits/windows/local/4024.rb
    id EDB-ID:4024
    last seen 2016-01-31
    modified 2007-06-02
    platform windows
    port
    published 2007-06-02
    reporter n00b
    source https://www.exploit-db.com/download/4024/
    title DVD X Player 4.1 Professional .PLF file Buffer Overflow Exploit
    type local
  • description DVD X Player 5.5 Pro (SEH DEP + ASLR Bypass) Exploit. CVE-2007-3068. Local exploit for windows platform
    id EDB-ID:17803
    last seen 2016-02-02
    modified 2011-09-08
    published 2011-09-08
    reporter Rew
    source https://www.exploit-db.com/download/17803/
    title DVD X Player 5.5 Pro SEH DEP + ASLR Bypass Exploit
  • description DVD X Player 5.5 .plf PlayList Buffer Overflow. CVE-2007-3068. Local exploit for windows platform
    id EDB-ID:17770
    last seen 2016-02-02
    modified 2011-09-01
    published 2011-09-01
    reporter metasploit
    source https://www.exploit-db.com/download/17770/
    title DVD X Player 5.5 - .plf PlayList Buffer Overflow
  • description DVD X Player 5.5 Pro SEH Overwrite. CVE-2007-3068. Local exploit for windows platform
    id EDB-ID:17788
    last seen 2016-02-02
    modified 2011-09-06
    published 2011-09-06
    reporter blake
    source https://www.exploit-db.com/download/17788/
    title DVD X Player 5.5 Pro SEH Overwrite
metasploit via4
description This module exploits a stack-based buffer overflow on DVD X Player 5.5 Pro and Standard. By supplying a long string of data in a plf file (playlist), the MediaPlayerCtrl.dll component will attempt to extract a filename out of the string, and then copy it on the stack without any proper bounds checking, which causes a buffer overflow, and results in arbitrary code execution under the context of the user. This module has been designed to target common Windows systems such as: Windows XP SP2/SP3, Windows Vista, and Windows 7.
id MSF:EXPLOIT/WINDOWS/FILEFORMAT/DVDX_PLF_BOF
last seen 2019-03-30
modified 2017-09-22
published 2011-09-01
reliability Normal
reporter Rapid7
source https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/windows/fileformat/dvdx_plf_bof.rb
title DVD X Player 5.5 .plf PlayList Buffer Overflow
packetstorm via4
data source https://packetstormsecurity.com/files/download/104726/dvdx_plf_bof.rb.txt
id PACKETSTORM:104726
last seen 2016-12-05
published 2011-09-02
reporter n00b
source https://packetstormsecurity.com/files/104726/DVD-X-Player-5.5-.plf-PlayList-Buffer-Overflow.html
title DVD X Player 5.5 .plf PlayList Buffer Overflow
refmap via4
bid 24278
exploit-db 4024
osvdb 36956
secunia 25508
vupen ADV-2007-2043
xf dvdx-plf-bo(34690)
Last major update 07-03-2011 - 21:55
Published 05-06-2007 - 21:30
Last modified 18-10-2017 - 21:30