DivX Player 2.6 - '.Skin' File Directory Traversal

Author: Luigi Auriemma
type: remote
platform: windows
port: 
date_added: 2005-01-21 
date_updated: 2016-11-24 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comdivxplayer26.exe

source: https://www.securityfocus.com/bid/12332/info

DivX Player is reported prone to a directory traversal vulnerability. The issue presents itself when DPS '.dps', archive files are processed.

Ultimately an attacker may exploit this issue to save a script or executable file in an arbitrary location. This may lead to the execution of malicious code when the affected system is restarted. Alternatively, the attacker may overwrite a target file with the privileges of a user that is installing a malicious skin file.

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/25057.dps