QQPlayer ASX和CUE文件处理缓冲区溢出漏洞

QQPlayer ASX and CUE File Processing Buffer Overflow Vulnerabilities

发布:2010-07-21
影响:System access
状态:Vendor Patch
软件:QQPlayer 2.x

Description
Two vulnerabilities have been discovered in QQPlayer, which can be exploited by malicious people to compromise a user's system.

1) A boundary error when processing ASX files can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted ASX file.

2) A boundary error when processing CUE files can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted CUE file.

The vulnerabilities are confirmed in version 2.3.969.400p1. Other versions may also be affected.

Solution
Update to version 2.4.716.400p1.

Provided and/or discovered by
1) Li Qingshan, Information Security Engineering Center, School of Software and Microelectronics, Peking University
2) Lufeng Li, Neusoft Corporation

Original Advisory
1) http://www.exploit-db.com/exploits/14428/
2) http://www.exploit-db.com/exploits/14431/

Deep Links
Links available in Customer Area

QQPlayer asx File Processing Buffer Overflow Exploit

QQPlayer cue File Buffer Overflow Exploit