Helix Player 11.0.2 - Encoded URI Processing Buffer Overflow

Author: gwright
type: remote
platform: linux
port: 
date_added: 2007-07-03 
date_updated: 2014-06-03 
verified: 1 
codes: CVE-2010-0416;OSVDB-62470 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/38161/info

Helix Player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successful exploits may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.


The following example URI is available:

http://AAA.BBB.CCC.DDD:EEEE/%.20000000s%