Flip4Mac WMV Parsing Memory Corruption Vulnerability - Advisories

Software Inspectors

	Scan Online

	Personal (PSI)

	Network (NSI 2.0)

Solutions For

	Security Professionals

	Security Vendors

Free Solutions For

	Open Communities

	Journalists & Media

Secunia Advisories

	Search

	Historic Advisories

	Listed By Product

	Listed By Vendor

	Statistics / Graphs

	Secunia Research

	Report Vulnerability

	About Advisories

Virus Information

	Chronological List

	Last 10 Virus Alerts

	About Virus Information

Secunia Customers

	Customer Area

Flip4Mac WMV Parsing Memory Corruption Vulnerability

Secunia Advisory:	SA23958
Release Date:	2007-01-29
Last Update:	2007-05-16

Critical:	Highly critical
Impact:	DoS System access
Where:	From remote
Solution Status:	Vendor Patch

Software:	Flip4Mac Windows Media Components for QuickTime 2.x

CVE reference:	CVE-2007-0466 (Secunia mirror)

	Want to know the next time vulnerabilities are fixed in this product? - Companies can be alerted via email and SMS!

Description: KF and LMH have reported a vulnerability in Flip4Mac, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is caused due to an input validation error when processing WMV files. This can be exploited to cause memory corruption via a specially crafted WMV file with a manipulated "ASF_File_Properties_Object" size field. Successful exploitation may allow execution of arbitrary code. The vulnerability is reported in Flip4Mac Windows Media Components for QuickTime Version 2.1.0.33. Other versions may also be affected. Solution: Update to version 2.1.1.70. http://www.flip4mac.com/wmv_download.htm Do not open WMV files from untrusted sources. Provided and/or discovered by: KF and LMH Changelog: 2007-02-02: Updated "Solution" section. 2007-05-16: Updated "Solution" and "Solution Status" sections. Original Advisory: http://projects.info-pull.com/moab/MOAB-27-01-2007.html



Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise. Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

1 Related Secunia Security Advisories

1. Flip4Mac WMV Processing Unspecified Vulnerability

Send Feedback to Secunia

If you have new information regarding this Secunia advisory or a product in our database, please send it to us using either our web form or email us at vuln@secunia.com. Ideas, suggestions, and other feedback are most welcome.

Secunia PSI
Scan | Patch | Track
Free Download

Secunia Poll

Most Popular Advisories

1.	phpJobScheduler "installed_conf ig_file" File Inclusion Vulnerabilities

2.	phpMyRealty "price_max" SQL Injection Vulnerability

3.	Novell eDirectory Multiple Vulnerabilities

4.	HP TCP/IP Services for OpenVMS Finger Format String Vulnerability

5.	Sun Solaris Kernel Covert Channel Security Bypass

6.	Slackware update for amarok

7.	OpenOffice "rtl_allocateMe mory()" Truncation Vulnerability

8.	dotProject SQL Injection and Cross-Site Scripting

9.	Acoustica Mixcraft ".mx4" File Processing Buffer Overflow

10.	Subdreamer Light Global Variables SQL Injection Vulnerability