[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Groovy Media Player buffer overflow Vulnerability

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Groovy Media Player buffer overflow Vulnerability
From: akshay.vaghela@xxxxxxxxxxxxx
Date: Thu, 4 Apr 2013 13:25:01 GMT
Title:
====

Groovy Media Player 3.2.0 Buffer Overflow Vulnerability


Credit:
======
Name: Akshaysinh Vaghela
Company/affiliation: Cyberoam Technologies Private Limited
Website: www.cyberoam.com


CVE:
=====

CVE-2013-2760 (Reserved)

Date:
====

21-03-2013

CL-ID:
====

CRD-2013-02


Vendor:
======

BestWebSharing continues the series of innovatory, remarkable, yet valuable 
multimedia applications. It combines amazing styling with advanced and 
compelling code to give you the best multimedia experience.


Product:
=======

Groovy Media Player is the perfect music-manager application with cool looks 
and a garland of features. It has Internet streaming, continuous play, mp3 to 
wav converting function plus a bunch of other amazing features.

Product link: http://www.bestwebsharing.com/groovy-media-player


Abstract:
=======

Cyberoam Threat Research Team discovered a Local Buffer Overflow vulnerability 
in Groovy Media Player 3.2.0 .


Affected Version:
=============

Ver 3.2.0


Report-Timeline:
============
21-03-2013: Vendor notification
28-03-2013: Follow-up notification sent
00-00-2013: Vendor Fix/Patch
05-04-2013: Public or Non-Public Disclosure


Exploitation-Technique:
===================

Local

Severity Rating:
===================

4.4 (AV:L/AC:M/Au:N/C:P/I:P/A:P/E:P/RL:U/RC:C)


Details:
=======
Vulnerability Description : Groovy media player is vulnerable to buffer 
overflow vulnerability.The software performs operations on a memory buffer, but 
it can read from or write to a memory location that is outside of the intended 
boundary of the buffer.Certain languages allow direct addressing of memory 
locations and do not automatically ensure that these locations are valid for 
the memory buffer that is being referenced. This can cause read or write 
operations to be performed on memory locations that may be associated with 
other variables, data structures, or internal program data.

Impact : Groovy Media Player is prone to a local buffer-overflow vulnerability 
because the application fails to perform adequate boundary checks on 
user-supplied input. Specifically, this issue occurs when opening a '.m3u' 
playlist file that contains excessive data.

Attackers may leverage this issue to execute arbitrary code in the context of 
the application. Failed attacks will cause denial-of-service conditions.


-------Error Signature--------
EventType : BEX     P1 :      P2 : 0.0.0.0     P3 : 00000000     P4 : unknown
P5 : 0.0.0.0     P6 : 00000000     P7 : 00000000     P8 : c0000409     
P9 : 00000000     
 

Error report image link :

http://oi49.tinypic.com/2h6910g.jpg
http://oi46.tinypic.com/2a5hpqf.jpg


Caveats / Prerequisites:
======================

The attacker needs to entice victims to perform an action in order to exploit 
this vulnerability.

Proof Of Concept:
================


POC Exploit code:

# !/usr/bin/python

filename = "Evil.mp3"
 
buffer = "\x41" * 220
exploit = buffer
 
textfile = open(filename , 'w')
textfile.write(exploit)
textfile.close()


Risk:
=====

The security risk of the Local Buffer Overflow Vulnerability is estimated as 
moderate.


Credits:
=======

Akshaysinh Vaghela - Cyberoam Threat Research Team


Disclaimer:
===========

The information provided in this advisory is provided as it is without any 
warranty. Any modified copy or reproduction, including partially usages, of 
this file requires authorization from Cyberoam Vulnerability Research Team. 
Permission to electronically redistribute this alert in its unmodified form is 
granted. All other rights, including the use of other media, are reserved by 
Cyberoam Vulnerability Research Team.


The first attempt at contact will be through any appropriate contacts or formal 
mechanisms listed on the vendor Web site, or by sending an e-mail with the 
pertinent information about the vulnerability. Simultaneous with the vendor 
being notified, Cyberoam may distribute vulnerability protection filters to its 
customers' IPS devices through the IPS upgrades.

If a vendor fails to respond after five business days, Cyberoam Vulnerability 
Research Team may issue a public advisory disclosing its findings fifteen 
business days after the initial contact.

If a vendor response is received within the timeframe outlined above, Cyberoam 
Vulnerability Research Team will allow the vendor 6-months to address the 
vulnerability with a patch. At the end of the deadline if a vendor is not 
responsive or unable to provide a reasonable statement as to why the 
vulnerability is not fixed, the Cyberoam Vulnerability Research Team will 
publish a limited advisory to enable the defensive community to protect the 
user. We believe that by doing so the vendor will understand the responsibility 
they have to their customers and will react appropriately.

Cyberoam Vulnerability Research Team will make every effort to work with 
vendors to ensure they understand the technical details and severity of a 
reported security flaw. If a product vendor is unable to, or chooses not to, 
patch a particular security flaw, Cyberoam Vulnerability Research Team will 
offer to work with that vendor to publicly disclose the flaw with some 
effective workarounds.

Before public disclosure of a vulnerability, Cyberoam Vulnerability Research 
Team may share technical details of the vulnerability with other security 
vendors who are in a position to provide a protective response to a broader 
user base.

--------------------------------------------------------------------------------------------------------------------------------
Prev by Date: Hackersh 0.1 Release Announcement
Next by Date: [ MDVSA-2013:016 ] apache-mod_security
Previous by thread: Hackersh 0.1 Release Announcement
Next by thread: [ MDVSA-2013:016 ] apache-mod_security
Index(es):
- Date
- Thread