Directory traversal vulnerability in DivX Player 2.6 and earlier allows remote attackers to overwrite arbitrary files via a .. (dot dot) in a filename in a ZIP file for a skin.
CVSS 2.0
Severity: MEDIUM
Problem Type: NVD-CWE-Other,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| divx | divx_player | 2.6 |
Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or (2) large value in a Stream Format (STRF) chunk in an AVI file, which triggers a heap-based buffer overflow.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-189,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| divx | directshowdemuxfilter | * |
| divx | web_player | * |
| divx | player | * |