Version 1.1.2 of the Xvid library has a newly discovered vulnerability in the get_intra_block, get_inter_h263, and get_inter_block_mpeg functions. The vulnerability could allow a remote attacker to execute arbitrary code on the victim's computer. To exploit it, the attacker must convince the victim to open a specially crafted Xvid AVI file. The best way to avoid falling victim to such an attack is to not open untrusted or unknown Xvid AVI files.
References:
IBM Internet Security Systems
http://xforce.iss.net/xforce/xfdb/34949
Secunia
http://secunia.com/advisories/25711/
Posted by Kitch Spicer on June 29, 2007, in Handlers Log.