Gstreamer 0.10.x Logic Error

A vulnerability and a separate logic error exist in the gstreamer 0.10.x player for NSF music files. Combined, they allow for very reliable exploitation and the bypass of 64-bit ASLR, DEP, etc. The reliability is provided by the presence of a turing complete "scripting" inside a music player. Read the homepage link for full analysis. Proof of concept exploit included in this archive.

MD5 | da231d9408e25a8f4d0e8b1c067159dc

Related Posts