Xvid Buffer overflow Vulnerability (Win) - Jun09

Summary
This host has Xvid installed and is prone to a buffer overflow vulnerability.
Impact
Remote attackers may exploit this issue to cause multiple heap-based buffer overflows, execute arbitrary code, or cause a denial of service.
Impact Level: System/Application
Solution
Upgrade to Xvid 1.2.2 or later: http://www.xvid.org/
Insight
- Inadequate sanitization of user-supplied data in the 'decoder_iframe', 'decoder_pframe' and 'decoder_bframe' functions in xvidcore/src/decoder.c can be exploited by providing a crafted macroblock (aka MBlock) number in a video stream in a crafted movie file.
- A boundary error in the 'decoder_create' function in xvidcore/src/decoder.c can be exploited via vectors involving the DirectShow (aka DShow) frontend and improper handling of the XVID_ERR_MEMORY return code during processing of a crafted movie file.
Affected
Xvid before 1.2.2 on Windows.