PT-2007-6053 · Stormplayer+2

Published 2007-09-18 · Updated 2018-10-15 · CVE-2007-4939

CVSS v2.0: 9.3 (High)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
Media Player Classic (MPC) versions 6.4.9.0 and earlier
mympc (aka CD-Storm) version 1.0.0.1
StormPlayer version 1.0.4

Description
The issue is related to a heap-based buffer overflow in the mplayerc.exe component. This can be triggered by a remote attacker using a specially crafted .avi file with specific values, such as an "indx truck size" of 0xffffffff, and certain wLongsPerEntry and nEntriesInuse values. The potential impact includes a denial of service (application crash) or possibly the execution of arbitrary code.

Recommendations
For Media Player Classic (MPC) versions 6.4.9.0 and earlier, update to a version later than 6.4.9.0.
For mympc (aka CD-Storm) version 1.0.0.1, consider disabling the use of .avi files until a patch is available.
For StormPlayer version 1.0.4, restrict access to files that could potentially trigger the buffer overflow until a fix is released.
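
The kind of bounds check a parser needs before trusting the index fields named in the description, as an added example (not code from Media Player Classic or the other affected players). The 24-byte fixed layout is assumed from the OpenDML AVI index format; `check_indx` and `build_indx` are hypothetical names, and every sample value other than the 0xffffffff size is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Assumed fixed part of an 'indx' chunk body (after the 8-byte RIFF header):
   wLongsPerEntry(2) bIndexSubType(1) bIndexType(1) nEntriesInUse(4)
   dwChunkId(4) reserved(12) = 24 bytes, followed by the index entries. */
#define INDX_FIXED 24u
enum indx_status { INDX_OK = 0, INDX_TRUNCATED, INDX_BAD_SIZE, INDX_BAD_ENTRIES };

static uint32_t rd32(const uint8_t *p) {   /* little-endian DWORD */
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* buf points at the 'indx' FourCC; avail is the byte count left in the file from there. */
enum indx_status check_indx(const uint8_t *buf, size_t avail) {
    if (avail < 8 + INDX_FIXED || memcmp(buf, "indx", 4) != 0)
        return INDX_TRUNCATED;
    uint32_t cb = rd32(buf + 4);
    /* Compare against the bytes that exist; cb + 8 would wrap for 0xffffffff. */
    if (cb < INDX_FIXED || cb > avail - 8)
        return INDX_BAD_SIZE;
    uint16_t longs = (uint16_t)(buf[8] | buf[9] << 8);
    uint32_t entries = rd32(buf + 12);
    /* 64-bit product, so wLongsPerEntry * 4 * nEntriesInUse cannot wrap to a small value. */
    uint64_t need = (uint64_t)longs * 4u * entries;
    if (need > (uint64_t)cb - INDX_FIXED)
        return INDX_BAD_ENTRIES;
    return INDX_OK;
}

/* Constructed sample: writes a 32-byte 'indx' header with the given field values. */
static void build_indx(uint8_t *out, uint32_t cb, uint16_t longs, uint32_t entries) {
    memset(out, 0, 32);
    memcpy(out, "indx", 4);
    for (int i = 0; i < 4; i++) {
        out[4 + i] = (uint8_t)(cb >> (8 * i));
        out[12 + i] = (uint8_t)(entries >> (8 * i));
    }
    out[8] = (uint8_t)longs;
    out[9] = (uint8_t)(longs >> 8);
}

int main(void) {
    uint8_t h[32];
    build_indx(h, 0xffffffffu, 4, 1);          /* size value named in the description */
    printf("status=%d\n", check_indx(h, sizeof h));
    return 0;
}
```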

Exploit

Fix

DoS

Buffer Overflow

Weakness Enumeration

Related identifiers

CVE-2007-4939

Affected products

Media Player Classic
Stormplayer
Mympc