← Advisories

CyberLink PowerDVD <= 8.0 Crafted PLS/M3U Playlist File BoF Vulnerability

Medium
Advisory ID
ZSL-2008-4891
Release Date
02 July 2008
Vendor
CyberLink Corporation - http://www.cyberlink.com
Affected Version
6.0, 7.0 and 8.0
CVE
N/A
Tested On
Microsoft Windows XP Professional SP2 (English)
Summary

CyberLink PowerDVD is a commercial media player for Microsoft Windows and Linux. Several editions of the software are sold including "Ultra", "Deluxe" and "Standard". All editions support the viewing of DVD but only the Ultra edition supports Blu-ray playback.

Description

PowerDVD is prone to multiple buffer-overflow vulnerabilities because it fails to perform adequate boundary checks on user-supplied input. Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

(ea0.d4c): Stack overflow - code c00000fd (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. eax=00003e84 ebx=02890048 ecx=00032310 edx=02890049 esi=0007ef41 edi=0012cb2c eip=0043fb37 esp=0012c308 ebp=0012cf4c iopl=0 nv up ei pl nz na pe nc cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210206 image00400000+0x3fb37: 0043fb37 8501 test dword ptr [ecx],eax ds:0023:00032310=00000000
Proof of Concept
cyberlink_bof.plTXT
Disclosure Timeline
02.07.2008Vendor contacted.
14.08.2008Vendor informs Zero Science Lab that patch will be released on August 25th.
25.08.2008Vendor releases patch.
Credits
Vulnerability discovered by Gjoko Krstic
References
[1]http://www.securityfocus.com/bid/30341
[2]http://www.packetstormsecurity.org/filedesc/powerdvd_bof.pl.txt.html
[3]http://www.net-security.org/vuln.php?id=5616
[4]http://www.sebug.net/vulndb/3704
[5]http://www.venustech.com.cn/NewsInfo/124/1959.Html
[6]http://www.juniper.net/security/auto/vulnerabilities/vuln30341.html
[7]http://it.com.mk/index.php/Gjoko-Krstic/Sigurnost/Ranlivost-kaj-CyberLink-PowerDVD-BoF
Changelog
02.07.2008Initial release
03.08.2008Added reference [7]