Check Point Advisories

Preemptive Protection against MPlayer for Windows Calloc Integer Overflow

Check Point Reference:	CPAI-2011-499
Date Published:	1 Nov 2011
Severity:	Medium
Last Updated:	Saturday 01 January, 2011
Source:
Protection Provided by:
Who is Vulnerable?	MPlayer for Win32 Project MPlayer All versions
Vulnerability Description	An integer overflow vulnerability has been reported in MPlayer for Windows.
Vulnerability Details	The vulnerability is due to an unchecked multiplication of two size values in a "calloc" replacement function. A remote attacker may exploit this issue by enticing an affected user to open a specially crafted media file with an affected version of MPlayer. Successful exploitation would allow remote attackers to execute arbitrary code, in the security context of the target user.