TUCoPS :: HP Unsorted U :: bx1193.htm

Unicode buffer-overflow in Zoom Player 6.00b2
Unicode buffer-overflow in Zoom Player 6.00b2
Unicode buffer-overflow in Zoom Player 6.00b2



#######################################################################

                             Luigi Auriemma

Application:  Zoom Player
http://www.inmatrix.com 
Versions:     <= v6.00 beta 2 and naturally all the stable v5 versions
Platforms:    Windows
Bug:          unicode buffer-overflow
Exploitation: local
Date:         24 Dec 2007
Author:       Luigi Auriemma
e-mail: aluigi@autistici.org 
              web:    aluigi.org


#######################################################################


1) Introduction
2) Bug
3) The Code
4) Fix


#######################################################################

==============1) Introduction
==============

Zoom Player is a media player for Windows which supports many formats
through external filters.


#######################################################################

=====2) Bug
=====

Zoom Player is affected by an unicode buffer-overflow in the function
which builds the error messages.
The problem can be exploited for example through a malformed ZPL file
containing a http link to a file with PLS extension which will force
the program to use wsprintf for building the "Unable to play [%s]"
error message.


#######################################################################

==========3) The Code
==========

http://aluigi.org/poc/zoomprayer.zpl 


#######################################################################

=====4) Fix
=====

The next beta will contain the fix.


#######################################################################


--- 
Luigi Auriemma
http://aluigi.org

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH