>> Xine-lib Real Media Input Plugin "asmrp_eval()" Remote Buffer Overflow Vulnerability
Title : Xine-lib Real Media Input Plugin "asmrp_eval()" Remote Buffer Overflow Vulnerability VUPEN ID : VUPEN/ADV-2006-4824 CVE ID : CVE-2006-6172
Rated as : High Risk
Remotely Exploitable : Yes Locally Exploitable : Yes Release Date : 2006-12-02
Technical Description
A vulnerability has been identified in Xine-lib, which could be exploited by remote attackers to execute arbitrary commands or cause a denial of service. This flaw is due to a buffer overflow error in the "asmrp_eval()" [input/libreal/asmrp.c] function that does not properly handle a malformed ASM rulebook, which could be exploited by attackers to crash a vulnerable application or compromise an affected system via a specially crafted stream.
Note : A heap overflow error within libmms has also been reported. For additional information, see : VUPEN/ADV-2006-2487
