Rosoft Media Player Track List Files Stack-Based Buffer Overflow Vulnerability

Rosoft Media Player Track List Files Stack-Based Buffer Overflow Vulnerability

Rosoft Media Player is prone to a stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successful exploits allow remote attackers to execute arbitrary code in the context of the user running the application. Failed attacks will cause denial-of-service conditions.

Rosoft Media Player 4.1.7, 4.1.8, and 4.2.1 are vulnerable; other versions may also be affected.

NOTE: This BID originally covered this issue as a denial-of-service vulnerability; further information shows that the issue is more severe.

UPDATE (January 18, 2010): Rosoft Media Player 4.4.4 is also vulnerable to this issue when opening crafted '.m3u' playlist files.