← Advisories

BlazeVideo HDTV Player <= 3.5 PLF Playlist File Remote Buffer Overflow Exploit

Medium

Advisory ID

ZSL-2009-4906

Release Date

04 February 2009

Vendor

BlazeVideo, Inc. - http://www.blazevideo.com

Affected Version

3.5

CVE

CVE-2009-0450

Tested On

Microsoft Windows XP Professional SP2 (English)

Summary

BlazeVideo HDTV Player (BlazeDTV) is a full-featured and easy-to-use HDTV Player software, combining HDTV playback, FM receiving, video record and DVD playback functions. You can make advantage of PC monitor's high resolution, watch, record, playback high definition HDTV program or teletext broadcast program.

Description

BlazeVideo HDTV Player is prone to a heap-based buffer-overflow vulnerability because the application fails to handle malformed playlist files. An attacker can exploit this issue to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.

 (620.d74): Access violation - code c0000005 (first chance)
 First chance exceptions are reported before any exception handling.
 This exception may be expected and handled.
 eax=00000001 ebx=77f6c15c ecx=04eb0dc0 edx=00000042 esi=0266ffc0 edi=00000001
 eip=43434343 esp=0013f288 ebp=6405247c iopl=0         nv up ei pl nz ac pe nc
 cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010216
 43434343 ??              ???

Proof of Concept

blazehdtv_hof.pyTXT

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]http://www.securityfocus.com/bid/33588

[2]http://www.packetstormsecurity.org/filedesc/blazehdtv-hof.txt.html

[3]http://www.milw0rm.com/exploits/7975

[4]http://www.hackzone.ru/exploit/view/id/4597/

[5]http://www.exploit-db.com/exploits/7975/

[6]http://osvdb.org/show/osvdb/51825

[7]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0450

Changelog

04.02.2009Initial release

19.07.2012Added reference [5], [6] and [7]