JPEG of Death: Zoom Player JPEG File Memory Corruption/Arbitrary Code Execution Vulnerability [0day]


Zoom Player is a commercial media player developed by Inmatrix. It is a slick player of online multimedia content for Windows PCs.

Zoom Player version 8.5 suffers from a buffer-overflow vulnerability. The bug can be triggered by feeding a specially crafted JPEG file to the vulnerable version of Zoom Player (v8.5). Successful exploits may allow an attacker to execute arbitrary code within the context of the user running the affected application.

Vendor Patch:
Vendor Inmatrix Ltd. has already patched the issue and the affected version has also been removed from their site, after I reported it to them.




Timeline:

[*] 16th Dec, 2012: Bug found. (https://twitter.com/debasishm89/status/280334928489635840)
[*] 16th Dec, 2012: Informed vendor.
[*] 17th Dec, 2012: Asked for PGP key.
[*] 17th Dec, 2012: Shared technical details.
[*] 31st Dec, 2012: Vendor patched the issue in version 8.5.1. http://forum.inmatrix.com/index.php?showtopic=13904
[*] 9th Jan, 2013: Public release of advisory. http://www.exploit-db.com/exploits/23996/


Exploit Code:


Proof of Concept:



Comments

  1. Explain the code a bit more, man!
    All I understand is there is something in Char->Hex :P

