1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: CCMPlayer Playlist File BO

Attack: CCMPlayer Playlist File BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects an attempt to exploit a buffer overflow vulnerability in CCMPlayer application which may result in remote code execution.

Additional Information

CCMPlayer is a multimedia player application.

The application is prone to a remote stack-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized memory buffer. Specifically, the application fails to handle specially crafted '.m3u' playlist files.

Attackers can exploit this issue to execute arbitrary code within the context of the application. Failed attacks may cause a denial-of-service condition.

Affected

  • CCMPlayer 1.5

Additional References

  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube