← Advisories

Media Player Classic 6.4.9.1 (iacenc.dll) DLL Hijacking Exploit

High

Advisory ID

ZSL-2010-4956

Release Date

26 August 2010

Vendor

Gabest - http://sourceforge.net/projects/guliverkli

Affected Version

6.4.9.1 (revision 73)

CVE

CVE-2010-3138

Tested On

Microsoft Windows XP Professional SP3 (English)

Summary

Media Player Classic (MPC) is a compact media player for 32-bit Microsoft Windows. The application mimics the look and feel of the old, lightweight Windows Media Player 6.4 but integrates most options and features found in modern media players. It and its forks are standard media players in the K-Lite Codec Pack and the Combined Community Codec Pack.

Description

Media Player Classic suffers from a dll hijacking vulnerability that enables the attacker to execute arbitrary code on a local level. The vulnerable extensions are .mka, .ra and .ram thru iacenc.dll library.

Proof of Concept

mplayerc_dll.cTXT

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]http://www.exploit-db.com/exploits/14788

[2]http://www.packetstormsecurity.org/filedesc/mplayerc_dll.txt.html

[3]http://secunia.com/advisories/41114/

[4]http://securityreason.com/exploitalert/8772

[5]http://www.vupen.com/english/advisories/2010/2190