Full Disclosure mailing list archives
Re: BS.Player 2.22 NULL ptr dereference
From: <edi.strosar () varnostne-novice com>
Date: Fri, 03 Aug 2007 15:43:06 -0400
Dear 3APA3A,

I didn't mention any DoS in my advisory. I clearly stated that it is a "bug" that will cause an exception/crash. It is a kind of Null/invalid ptr deref. The same kind as this is:

http://www.securityfocus.com/archive/1/434280

and not much different than this:

http://www.securityfocus.com/archive/1/461373

Nothing more. The main difference is that it was "implemented" by the vendor.

http://www.bsplayer.org/en/bs.player/news/new/?article=21&BSPLAYER=76f1ff40d5a7f9f2f44a66edc209ac2a

Thanks for your interest anyway.

Sincerely,
Edi Strosar (Team Intell)

3APA3A wrote:
> Can you please explain why this is a security bug? DoS is not software crash, DoS is Denial of Service. It means, security impact of DoS vulnerability should be preventing (blocking) access of legitimate user to some data or service (via data corruption, service malfunction, etc).
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- BS.Player 2.22 NULL ptr dereference edi.strosar (Aug 02)
- [AOGBF] Re: BS.Player 2.22 NULL ptr dereference 3APA3A (Aug 03)
- <Possible follow-ups>
- Re: BS.Player 2.22 NULL ptr dereference edi.strosar (Aug 03)