-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Multiple Remote Arbitrary Execution Vulnerabilities in Mplayer  [MU-200802-01]
February 14, 2008

http://labs.musecurity.com/advisories.html

Affected Products/Versions:

MPlayer 1.0rc2 and SVN before r25824 (Sun Jan 20 20:58:02 2008 UTC). Older
versions are probably affected, but they were not checked.

Product Overview:

http://www.mplayerhq.hu

"MPlayer is a movie player which runs on many systems (see the documentation).
It plays most MPEG/VOB, AVI, Ogg/OGM, VIVO, ASF/WMA/WMV, QT/MOV/MP4, RealMedia,
Matroska, NUT, NuppelVideo, FLI, YUV4MPEG, FILM, RoQ, PVA files, supported by
many native, XAnim, and Win32 DLL codecs. You can watch VideoCD, SVCD, DVD,
3ivx, DivX 3/4/5 and even WMV movies.."

Vulnerability Details:

URL IPv6 Address Parsing Remote Heap Overflow:

A heap overflow condition exists in the parsing of IPv6 addresses, allowing
for arbitrary code execution.

CDDB Remote Stack Overflow:

A remote attacker may execute arbitrary code on a client machine by causing
a specially crafted CDDB response to be sent to the client.

Vendor Response / Solution:

Fixed in MPlayer SVN on Sun Jan 20 20:43:46 2008 UTC.

History:
<10/07/07> - First contact with vendor
<10/08/07> - Vendor acknowledges vulnerability
<02/14/08> - Advisory released

Credit:

This vulnerability was discovered by Adam Bozanich of the Mu Security 
research team.

http://labs.musecurity.com/pgpkey.txt

Mu Security offers a new class of security analysis system, delivering a
rigorous and streamlined methodology for verifying the robustness and security
readiness of any IP-based product or application. Founded by the pioneers of
intrusion detection and prevention technology, Mu Security is backed by
preeminent venture capital firms that include Accel Partners, Benchmark
Capital and DAG Ventures. The company is headquartered in Sunnyvale, CA. For
more information, visit the company's website at http://www.musecurity.com. 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.8 (Darwin)

iEYEARECAAYFAke0jDwACgkQ+aa9jJz2VeBK/gCfR7YTapJ82v0NVA663Mc/s6IY
uUYAnjZR6jRff7AcHGORGInzoyBRtLdc
=fKx0
-----END PGP SIGNATURE-----