Tuesday, January 29, 2013

Apple QuickTime Player Version 7.7.3 Out-of-Bounds Read

Thursday, January 10, 2013

JPEG of Death: Zoom Player JPEG File Memory Corruption/Arbitrary Code Execution Vulnerability [0day]

Zoom Player is a commercial media player developed by Inmatrix. It is a slick player of online multimedia content for Windows PCs.

Zoom Player version 8.5 suffers from a buffer-overflow vulnerability. The bug can be triggered by feeding a specially crafted JPEG file to the vulnerable version of Zoom Player (v8.5). Successful exploitation may allow an attacker to execute arbitrary code within the context of the user running the affected application.

Vendor Patch:
Vendor Inmatrix Ltd. has already patched the issue, and the affected version was also removed from their site after I reported it to them.

Timeline:

[*] 16th Dec, 2012: Bug found. (https://twitter.com/debasishm89/status/280334928489635840)
[*] 16th Dec, 2012: Informed vendor.
[*] 17th Dec, 2012: Asked for PGP key.
[*] 17th Dec, 2012: Shared technical details.
[*] 31st Dec, 2012: Vendor patched the issue in version 8.5.1. http://forum.inmatrix.com/index.php?showtopic=13904
[*] 9th Jan, 2013: Public release of advisory. http://www.exploit-db.com/exploits/23996/

Exploit Code:

Proof of Concept: