Description
BlazeVideo HDTV Player Pro v6.6.0.3 is vulnerable to a stack-based buffer overflow caused by improper handling of user-supplied input embedded in .plf playlist files. When parsing a crafted .plf file, the MediaPlayerCtrl.dll component invokes PathFindFileNameA() to extract a filename from a URL-like string. The returned value is then copied to a fixed-size stack buffer using an inline strcpy call without bounds checking. If the input exceeds the buffer size, the copy overflows the stack buffer, which can lead to arbitrary code execution in the context of the user.
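The copy pattern described above, next to a bounds-checked form, as an added example (not code from the product or from the advisory). The buffer size NAME_BUF, the function names and the sample entries are assumptions, and find_file_name() is a simplified portable stand-in for PathFindFileNameA().

```c
#include <stdio.h>
#include <string.h>

#define NAME_BUF 64 /* assumed size; the advisory does not give the real one */

/* Simplified, portable stand-in for shlwapi's PathFindFileNameA():
   returns a pointer to the text after the last '/' or '\\'. */
const char *find_file_name(const char *path) {
    const char *name = path;
    for (const char *p = path; *p; p++)
        if ((*p == '/' || *p == '\\') && p[1] != '\0')
            name = p + 1;
    return name;
}

/* The pattern the description names: the length of the result is set by
   the file's author, the buffer size by the program. Never called here. */
void copy_name_unsafe(const char *entry) {
    char name[NAME_BUF];
    strcpy(name, find_file_name(entry)); /* no bounds check */
    printf("%s\n", name);
}

/* Hardened form: measure first, reject oversized names instead of
   truncating them, and copy only what is known to fit. */
int copy_name_checked(const char *entry, char *out, size_t out_len) {
    if (entry == NULL || out == NULL || out_len == 0)
        return -1;
    const char *name = find_file_name(entry);
    size_t n = strlen(name);
    if (n >= out_len) {
        out[0] = '\0';
        return -1;
    }
    memcpy(out, name, n + 1); /* n + 1 includes the terminator */
    return 0;
}

int main(void) {
    char out[NAME_BUF], entry[512]; /* constructed playlist entries */
    memset(entry, 'A', sizeof entry - 1);
    entry[sizeof entry - 1] = '\0';
    printf("long entry -> %d\n", copy_name_checked(entry, out, sizeof out));
    printf("short entry -> %d (%s)\n",
           copy_name_checked("http://host/media/clip.mpg", out, sizeof out), out);
    return 0;
}
```

Rejecting the oversized name, rather than truncating it, keeps the parser from acting on a filename the playlist never contained.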
CVSS breakdown
CVSS 4.0
- Attack Vector: Network
- Attack Complexity: Low
- Attack Requirements: None
- Privileges Required: None
- User Interaction: Active
- Confidentiality (Vulnerable System): High
- Integrity (Vulnerable System): High
- Availability (Vulnerable System): High
- Confidentiality (Subsequent System): None
- Integrity (Subsequent System): None
- Availability (Subsequent System): None
Affected products
- BlazeVideo Inc. / HDTV Player Pro 6.6.0.3 – 6.6.0.3
References
- EXPLOIT: https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/fileformat/blazedvd_hdtv_bof.rb
- EXPLOIT: https://www.exploit-db.com/exploits/22931
- EXPLOIT: https://www.exploit-db.com/exploits/18693
- EXPLOIT: https://www.exploit-db.com/exploits/23052
- MISC: https://web.archive.org/web/20100302202333/https://blazevideo.com/help_center/hdtv-help/Technical-Support.html
- VENDOR_ADVISORY: https://www.vulncheck.com/advisories/blazevideo-hdtv-player-pro-filename-handling-buffer-overflow