CVE-2007-4938

MPlayer - Heap-based Buffer Overflow via AVI File Indx Truck Size

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-4938. PoCs published by Code Audit Labs.

AI-analyzed exploit summary This exploit leverages a heap-based buffer overflow in MPlayer due to inadequate boundary checks on user-supplied AVI header data. The provided AVI header data can trigger arbitrary code execution or denial-of-service conditions.

Description

Heap-based buffer overflow in libmpdemux/aviheader.c in MPlayer 1.0rc1 and earlier allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a .avi file with certain large "indx truck size" and nEntriesInuse values, and a certain wLongsPerEntry value.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Code Audit Labs · textdoslinux

https://www.exploit-db.com/exploits/30578

View Code ZIP pw:eip

This exploit leverages a heap-based buffer overflow in MPlayer due to inadequate boundary checks on user-supplied AVI header data. The provided AVI header data can trigger arbitrary code execution or denial-of-service conditions.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: MPlayer 1.0rc1

No auth needed

Prerequisites: User interaction to open a malicious AVI file

MITRE ATT&CK