CoolPlayer Multiple Buffer Overflow Vulnerabilities

CoolPlayer Multiple Buffer Overflow Vulnerabilities

CoolPlayer is prone to multiple buffer-overflow vulnerabilities because the application fails to check the size of the data before copying it into a finite-sized internal memory buffer.

An attacker can exploit these issues to execute arbitrary code within the context of the application or to cause a denial-of-service condition.

CoolPlayer 215 and prior versions are vulnerable to this issue; other versions may also be affected.

UPDATE (December 27, 2007): Reports indicate that CoolPlayer 217 is still vulnerable to this issue. Since the vendor released CoolPlayer 216 to address the issue, the fix may have been inadequate or CoolPlayer 217 may have reintroduced the issue. However, this has not been confirmed. We will update this BID as more information emerges.