1. Symantec/
  2. Security Response/
  3. Attack Signatures/
  4. Attack: BlazeDVD PLF FIle BO

Attack: BlazeDVD PLF FIle BO

Severity: High

This attack could pose a serious security threat. You should take immediate action to stop any damage or prevent further damage from happening.

Description

This signature detects a remote memory-corruption vulnerability in the BlazeVideo BlazeDVD.

Additional Information

BlazeDVD is a DVD player and recorder for Microsoft Windows.

BlazeDVD is prone to a remote memory-corruption vulnerability because the application fails to properly handle malformed playlist files.

Specifically, when the application tries to process malformed PLS playlist files containing excessively long filenames, memory may become corrupted. A filename of 256 or more bytes is sufficient to trigger this issue.

An attacker can exploit this issue to execute arbitrary code within the context of the application or to trigger a denial-of-service condition.

BlazeDVD 5.0 Professional and Standard versions are vulnerable to this issue.

Affected

  • BlazeVideo BlazeDVD Professional 5.0
  • BlazeVideo BlazeDVD Standard 5.0

Response

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
  • Twitter
  • Facebook
  • LinkedIn
  • Google+
  • YouTube