K-Lite Codec Pack LAV Filters Memory corruption POC

2012.09.14
Credit: coolkaveh
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

K-Lite Codec Pack LAV Filters Memory corruption POC Date: 2012-09-13 Author: coolkaveh coolkaveh () rocketmail com Https://twitter.com/coolkaveh Vendor Homepage: http://codecguide.com/download_kl.htm LAV Splitter [version 0.30.13] Tested on: windows 7 x64 affected : avformat-53.dll ======== LAV Splitter [version 0.30.13] This splitter supports multiple container formats: AVI (.avi .divx) Matroska (.mkv .mka) MP4/MOV/3GP (.mp4 .m4v .3gp .mov .hdmov) WebM (.webm) Ogg (.ogm .ogg .ogv .oga) MPEG-TS (.ts .m2ts .m2t .mts) Flash Video (.flv) Blu-ray (.bdmv .mpls) ======== Access violation - code c0000005 (first chance) First chance exceptions are reported before any exception handling. This exception may be expected and handled. *** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files (x86)\K-Lite Codec Pack\Filters\LAV\avformat-53.dll - avformat_53!ff_add_index_entry+0x2b: 6ab5e8ab 8b06 mov eax,dword ptr [esi] ds:002b:00000084=???????? 10:47 AM Faulting Instruction:6ab5e8ab mov eax,dword ptr [esi] Basic Block: 6ab5e8ab mov eax,dword ptr [esi] Tainted Input Operands: esi 6ab5e8ad mov ebp,dword ptr [esp+74h] 6ab5e8b1 add eax,1 Tainted Input Operands: eax 6ab5e8b4 cmp eax,0aaaaaa9h Tainted Input Operands: eax 6ab5e8b9 jbe avformat_53!ff_add_index_entry+0x56 (6ab5e8d6) Tainted Input Operands: ZeroFlag, CarryFlag

References:

http://codecguide.com/download_kl.htm
http://seclists.org/fulldisclosure/2012/Sep/att-108/POC_flv.bin


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top