Re: [Full-disclosure] BS.Player 2.22 NULL ptr dereference



Dear 3APA3A,

I didn't mention any DoS in my advisory. I clearly
stated that it is a "bug" that will cause an
exception/crash. It is a kind of Null/invalid ptr deref.
The same kind as this is:

http://www.securityfocus.com/archive/1/434280

and not much different than this:

http://www.securityfocus.com/archive/1/461373

Nothing more. The main difference is that it was
"implemented" by the vendor.

http://www.bsplayer.org/en/bs.player/news/new/?article=21&BSPLAYER=76f1ff40d5a7f9f2f44a66edc209ac2a

Thanks for your interest anyway.

Sincerely,
Edi Strosar (Team Intell)


3APA3A wrote:

Can you please explain why this is a security bug? DoS is not a software
crash, DoS is Denial of Service. It means the security impact of a DoS
vulnerability should be preventing (blocking) access of a legitimate user
to some data or service (via data corruption, service malfunction, etc).

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


