Re: [Full-disclosure] BS.Player 2.22 NULL ptr dereference
- From: <edi.strosar@xxxxxxxxxxxxxxxxxxxx>
- Date: Fri, 03 Aug 2007 15:43:06 -0400
I didn't mention any DoS in my advisory. I clearly
stated that it is a "bug" that will cause an
exception/crash. It is a kind of Null/invalid ptr deref.
The same kind as this is:
and not much different than this:
Nothing more. The main difference is that it was
"implemented" by the vendor.
Thanks for your interest anyway.
Edi Strosar (Team Intell)
Can you please explain why this is a security bug? DoS is not a software
crash, DoS is Denial of Service. It means the security impact of a DoS
vulnerability should be preventing (blocking) access of a legitimate user
to some data or service (via data corruption, service malfunction, etc).