BeyondTrust

Security in Context: The BeyondTrust Blog

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Haihaisoft Universal Player Buffer Overflow

Disclosed: March 25, 2014
Zeroday: 162 days

Vulnerability Description:

Haihaisoft Media Player contains a buffer overflow that a remote attacker may exploit to gain arbitrary code execution within the context of the currently logged-on user. Haihaisoft Media Player improperly handles .m3u, .pls, and .asx file types, allowing an attacker to corrupt memory and redirect code flow.

Vendors:

Haihaisoft

Vulnerable Software/Devices:

Haihaisoft Universal Player 1.5.8 and possibly other versions

Vulnerability Severity:

High

Exploit Availability:

Publicly Available

Exploit Impact:

Remote Code Execution

Haihaisoft Media Player mishandles .m3u, .pls, and .asx file types, allowing an attacker to place malicious content in files of those types, which will trigger memory corruption. The attacker may use this memory corruption to gain arbitrary code execution.

BeyondTrust Prevention and Detection:

33373 - Haihaisoft Universal Player 1.5.8.0 and Prior Buffer Overflow (Zero-Day)
33374 - Haihaisoft Universal Player 1.5.8.0 and Prior Buffer Overflow (Zero-Day) - x86

Mitigation:

There are no mitigations available. If possible, avoid using Haihaisoft Media Player. 

CVE(s):

None