========================================================================= Team Intell Security Advisory TISA2007-10-Private ------------------------------------------------------------------------- BS.Player 2.22 NULL pointer dereference =========================================================================
Release Date: 03.08.2007 Severity: Less critical Impact: Failure to handle exceptional conditions Status: Official patch available Software: BS.Player 2.22 Tested on: Microsoft Windows XP Professional SP2 Vendor: http://www.bsplayer.com http://www.bsplayer.org Disclosed: Edi Strosar (Team Intell) Description: ============ BS.Player is media player for Windows platform that supports many kinds of multimedia files. The application is susceptible to NULL/invalid pointer dereference that will crash the application. The exception may be reproduced when trying to use "Load subtitles" function from a context menu or by pressing CTRL + L during movie playback. The vendor was already aware of the problem. Debugger output: ================ 0:000> g (ac8.cf4): Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=00000000 ebx=032ea810 ecx=00000000 edx=032fa440 esi=00000000 edi=032d0000 eip=032ea8ed esp=0012d514 ebp=0012d538 iopl=0 nv up ei ng nz ac pe cy cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010297 032ea8ed 015600 add dword ptr [esi],edx ds:0023:00000000=???????? Tested on BS.Player 2.22 free. Other versions of 2.22 series may be vulnerable. Solution: ========= On August, 1st 2007 vendor released version 2.23 that solves this issue. Timeline: ========= 02.08.2007 - bug analysis 03.08.2007 - public disclosure Contact: ======== Maldin d.o.o. Trzaska cesta 2 1000 Ljubljana - SI tel: +386 (0)590 70 170 fax: +386 (0)590 70 177 gsm: +386 (0)31 816 400 web: www.teamintell.com e-mail: [EMAIL PROTECTED] Disclaimer: =========== The content of this report is purely informational and meant for educational purposes only. Maldin d.o.o. shall in no event be liable for any damage whatsoever, direct or implied, arising from use or spread of this information. Any use of information in this advisory is entirely at user's own risk. ========================================================================= _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
