• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

VUPlayer M3U UNC Name Buffer Overflow Vulnerability

VUPlayer is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized process buffer.

This issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.

This issue affects VUPlayer 2.44; earlier versions may also be vulnerable.