CVE-2007-4940

Name of the Vulnerable Software and Affected Versions Media Player Classic versions 6.4.9.0 and earlier mympc versions 1.0.0.1 and earlier StormPlayer versions 1.0.4 and earlier

Description The issue is caused by multiple integer overflows in Media Player Classic, which can be exploited by remote attackers through a specially crafted .avi file. This file would contain certain large indx truck size and nEntriesInuse values, potentially leading to a denial of service or the execution of arbitrary code.

Recommendations For Media Player Classic versions 6.4.9.0 and earlier, update to a version later than 6.4.9.0 to resolve the issue. For mympc versions 1.0.0.1 and earlier, update to a version later than 1.0.0.1 to resolve the issue. For StormPlayer versions 1.0.4 and earlier, update to a version later than 1.0.4 to resolve the issue. As a temporary workaround, consider avoiding the use of .avi files with large indx truck size and nEntriesInuse values until a patch is available.