CVE-2008-0485 - Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attack

CVE-2008-0485

Summary

Array index error in libmpdemux/demux_mov.c in MPlayer 1.0 rc2 and earlier might allow remote attackers to execute arbitrary code via a QuickTime MOV file with a crafted stsc atom tag.

References

Vulnerable Configurations

cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:*
cpe:2.3:a:mplayer:mplayer:*:*:*:*:*:*:*:*

CVSS

Base:	9.3 (as of 15-10-2018 - 22:00)
Impact:
Exploitability:

CWE

CWE-189

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
COMPLETE	COMPLETE	COMPLETE

cvss-vector via4

AV:N/AC:M/Au:N/C:C/I:C/A:C

refmap via4

bid	27499
bugtraq	20080204 CORE-2008-0122: MPlayer arbitrary pointer dereference
confirm	http://www.mplayerhq.hu/design7/news.html
debian	DSA-1496
fulldisc	20080204 CORE-2008-0122: MPlayer arbitrary pointer dereference
gentoo	GLSA-200803-16
mandriva	MDVSA-2008:045
misc	http://www.coresecurity.com/?action=item&id=2102
sectrack	1019299
secunia	28779 28955 28956 29307
sreason	3607
vupen	ADV-2008-0406

Last major update

15-10-2018 - 22:00

Published

05-02-2008 - 12:00

Last modified

15-10-2018 - 22:00