Re: [Full-disclosure] BS.Player 2.22 NULL ptr dereference

Dear 3APA3A,

I didn't mention any DoS in my advisory. I clearly
stated that it is a "bug" that will cause an
exception/crash. It is a kind of Null/invalid ptr deref.
The same kind as this is:

and not much different than this:

Nothing more. The main difference is that it was
"implemented" by the vendor.

Thanks for your interest anyway.

Edi Strosar (Team Intell)

3APA3A wrote:

Can you please explain why this is a security bug? DoS is not software
crash, DoS is Denial of Service. It means, security impact of DoS
vulnerability should be preventing (blocking) access of legitimate user
to some data or service (via data corruption, service malfunction, etc).

Full-Disclosure - We believe in it.
Hosted and sponsored by Secunia -