Roy Schestowitz wrote:
> Sony, Gracenote sound alarm over Microsoft flaw
>
> ,----[ Feed excerpt ]
>> Customers with Windows PCs warned to update their music-playing
>> software or run the risk of a security breach.
> `----
>
> http://news.zdnet.com/2100-1009_22-6116928.html
##########################################################
MPlayer contains multiple integer overflows that may lead to a
heap-based buffer overflow.
Background
==========
MPlayer is a media player that supports many multimedia file types.
Affected packages
=================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 media-video/mplayer < 1.0.20060415 >= 1.0.20060415
2 media-video/mplayer-bin < 1.0.20060415 >= 1.0.20060415
-------------------------------------------------------------------
2 affected packages on all of their supported architectures.
-------------------------------------------------------------------
Description
===========
Xfocus Team discovered multiple integer overflows that may lead to a
heap-based buffer overflow.
Impact
======
An attacker could entice a user to play a specially crafted multimedia
file, potentially resulting in the execution of arbitrary code with the
privileges of the user running the application.
http://www.linuxsecurity.com/content/view/122634
Ready. Set. Patch.
|
|
