Media Player Classic 6.4.9.1 (iacenc.dll) DLL Hijacking Exploit
Advisory ID: ZSL-2010-4956
Type: Local/Remote
Impact: System Access
Risk: (4/5)
Release Date: 26.08.2010
Summary
Media Player Classic (MPC) is a compact media player for 32-bit Microsoft Windows. The application mimics the look and feel of the old, lightweight Windows Media Player 6.4 but integrates most options and features found in modern media players. It and its forks are standard media players in the K-Lite Codec Pack and the Combined Community Codec Pack.
Description
Media Player Classic suffers from a DLL hijacking vulnerability that enables an attacker to execute arbitrary code on a local level. The vulnerable file extensions are .mka, .ra and .ram, through the iacenc.dll library.
Vendor
Gabest - http://sourceforge.net/projects/guliverkli
Affected Version
6.4.9.1 (revision 73)
Tested On
Microsoft Windows XP Professional SP3 (English)
Vendor Status
N/A
PoC
mplayerc_dll.c
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.exploit-db.com/exploits/14788
[2] http://www.packetstormsecurity.org/filedesc/mplayerc_dll.txt.html
[3] http://secunia.com/advisories/41114/
[4] http://securityreason.com/exploitalert/8772
[5] http://www.vupen.com/english/advisories/2010/2190
[6] http://www.corelan.be:8800/index.php/2010/08/25/dll-hijacking-kb-2269637-the-unofficial-list/
[7] http://www.exploit-db.com/dll-hijacking-vulnerable-applications/
[8] http://osvdb.org/show/osvdb/67551
[9] http://cve.mitre.org/cgi-bin/cvename.cgi?name=2010-3138
[10] http://www.securityfocus.com/bid/42730
[11] http://osvdb.org/67588
[12] http://www.net-security.org/vuln.php?id=14726
[13] http://technet.microsoft.com/en-us/security/bulletin/ms12-014
[14] http://blogs.technet.com/b/srd/archive/2012/02/14/ms12-014-indeo-a-blast-from-the-past.aspx
Changelog
[26.08.2010] - Initial release
[27.08.2010] - Added reference [1], [2], [3], [4], [5], [6] and [7]
[28.08.2010] - Added reference [8]
[31.08.2010] - Added reference [9]
[13.11.2010] - Added reference [10] and [11]
[18.02.2011] - Added reference [12]
[13.08.2013] - Added reference [13] and [14]
Contact
Zero Science Lab
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
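
A defender-side check for the condition in the Description, as an added example that is not part of the original advisory or its PoC: it walks a directory tree and reports folders where a file named iacenc.dll sits beside .mka, .ra or .ram files. It assumes the usual pattern for this bug class, where the library is picked up from the folder of the opened media file (the advisory does not spell out the load path); the function names and the sample tree are constructed for illustration.

```python
"""Flag folders where iacenc.dll sits beside .mka/.ra/.ram media files."""
import os
import sys
import tempfile

# From the advisory: the library name and the affected file extensions.
DLL_NAME = "iacenc.dll"
MEDIA_EXTS = {".mka", ".ra", ".ram"}


def find_suspect_dirs(root):
    """Return {directory: [media files]} for folders holding both a file
    named iacenc.dll (case-insensitive, as on Windows) and affected media.
    Assumption: the DLL is resolved from the opened file's folder."""
    hits = {}
    for dirpath, _dirnames, filenames in os.walk(root):
        if DLL_NAME not in {name.lower() for name in filenames}:
            continue
        media = sorted(n for n in filenames
                       if os.path.splitext(n)[1].lower() in MEDIA_EXTS)
        if media:
            hits[dirpath] = media
    return hits


def build_sample_tree(base):
    """Constructed sample data: one suspect folder and two benign ones."""
    layout = {
        "downloads/album": ["track01.mka", "IACENC.DLL"],  # DLL beside media
        "music": ["song.ra", "cover.jpg"],                 # media only
        "tools": ["iacenc.dll", "readme.txt"],             # DLL only
    }
    for rel, names in layout.items():
        folder = os.path.join(base, *rel.split("/"))
        os.makedirs(folder)
        for name in names:
            open(os.path.join(folder, name), "wb").close()  # empty placeholder
    return base


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results = find_suspect_dirs(sys.argv[1])
    else:
        with tempfile.TemporaryDirectory() as tmp:
            results = find_suspect_dirs(build_sample_tree(tmp))
    for folder, media in results.items():
        print(f"{folder}: {DLL_NAME} next to {', '.join(media)}")
```

Pass a share, download folder or removable-media mount point as the first argument; a hit is a lead for triage (check the DLL's origin and signature), not proof of compromise.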