Dear 3APA3A, In my opinion, You are only partially right. It is true that not all of the bugs are security-related ones. It is, however, untrue that the problem iself is only limited to media file playing refusal as it leads to a crash. I don't see much security impact, too. According to SecurityFocus (BID: 23991), "[..] Media Player Classic is prone to a denial-of-service vulnerability when processing a malformed MPA file. A remote attacker can exploit this issue to crash the affected application, denying service to legitimate users.[..]" The issue is definetely not a conversation piece, I agree ;-) Michal ----- Original Message ----- From: "3APA3A" <3APA3A@SECURITY.NNOV.RU> To: "Michal Bucko (hackpl)" <sapheal@hack.pl> Cc: <bugtraq@securityfocus.com> Sent: Wednesday, May 16, 2007 5:31 PM Subject: Re: Media Player Classic .MPA Div-By-Zero Denial of Service Vulnerability > Dear Michal Bucko (hackpl), > > DoS against e.g. Internet Explorer may be treated as a vulnerability, > because all windows are closed and user can loose some useful > information. This is very low impact, but it is. In this case I see no > impact at all. Resource consumption during dump file creation? > > Universal DoS against any media player: > > 1. Create new file in notepad > 2. Type "Na!" > 3. Save file as exploit.mp3 > 4. Open file in any media player. > 5. Media player fails to play. > > Is it vulnerability? Guys, not any application bug is security one. > > > --Tuesday, May 15, 2007, 1:49:54 AM, you wrote to > bugtraq@securityfocus.com: > > > MBh> Media Player Classic fails to handle MPA-extension media files. When > empty > MBh> file provided Media Player > MBh> Classic fails to properly parse MPA file format. > > MBh> 00634DD1 |. 8B4C24 18 MOV ECX,DWORD PTR SS:[ESP+18] > MBh> 00634DD5 |. 8B4424 14 MOV EAX,DWORD PTR SS:[ESP+14] > MBh> 00634DD9 |. 33D2 XOR EDX,EDX > MBh> 00634DDB |. F7F1 DIV ECX > > MBh> ECX 00000000 > > > -- > ~/ZARAZA http://securityvulns.com/ > >