Message-Id: <20150826170228.D4D417BC02D@smtpvmsrv1.mitre.org>
Date: Wed, 26 Aug 2015 13:02:28 -0400 (EDT)
From: cve-assign@...re.org
To: disclose@...ersecurityworks.com
Cc: cve-assign@...re.org, oss-security@...ts.openwall.com
Subject: Re: CVE Request : Serenity Media Player Buffer Overflow

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

> https://github.com/cybersecurityworks/Diclosed/blob/master/Serenity%20audio%20Player%203.2.3%20SEH%20Buffer%20Overflow
> SEH Local buffer overflow in Serenity Audio Player 3.2.3 (earlier known as Malx Media Player)
> BUG_TITLE:Exploitable - Privileged Instruction Violation starting at image00400000+0x0000000000000055 (Hash=0x5e212578.0x3a4f4f12)
> EXPLANATION:A privileged instruction exception indicates that the attacker controls execution flow.

http://malsmith.kyabram.biz/serenity/serenity-3.2.3-src.zip
src/plgui.c
MplayInputFile

  CHAR szTemp[MAX_PATH];
  _ftscanf(fp, _T("%h[^\n]%*hc"), szTemp)

Are your exploit and the exploit referenced from
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-4097 both about
this one vulnerable _ftscanf call? If so, then the same CVE ID of
CVE-2009-4097 is applicable to both exploits.

- -- 
CVE assignment team, MITRE CVE Numbering Authority
M/S M300
202 Burlington Road, Bedford, MA 01730 USA
[ PGP key available through http://cve.mitre.org/cve/request_id.html ]
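
The `_ftscanf(fp, _T("%h[^\n]%*hc"), szTemp)` call quoted in the message has no field width on its scanset, so a line longer than `MAX_PATH` is written past the end of `szTemp`. The following is an added example, not code from the Serenity source or from this message: a width-limited read in standard C that also rejects overlong lines. `read_playlist_line`, `demo`, the status constants and the value 260 for `MAX_PATH` are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define MAX_PATH 260                 /* assumed: value of MAX_PATH on Windows */
#define STR2(x) #x
#define STR(x) STR2(x)
#define PATH_CHARS 259               /* MAX_PATH - 1: leaves room for the NUL */
enum { LINE_OK = 0, LINE_TOO_LONG = 1, LINE_EOF = 2 };

/* Hypothetical helper: read one line into out[MAX_PATH] without overflow. */
static int read_playlist_line(FILE *fp, char out[MAX_PATH])
{
    int c, n;
    out[0] = '\0';
    /* "%259[^\n]": the field width caps what the scanset may store. */
    n = fscanf(fp, "%" STR(PATH_CHARS) "[^\n]", out);
    if (n == EOF)
        return LINE_EOF;
    c = fgetc(fp);                   /* n == 0 here means an empty line */
    if (c == '\n' || c == EOF)
        return LINE_OK;
    /* Line longer than the buffer: reject it and skip to the next line. */
    while ((c = fgetc(fp)) != '\n' && c != EOF)
        ;
    out[0] = '\0';
    return LINE_TOO_LONG;
}

/* Constructed input: `len` 'A' bytes, a newline, then the line "next.mp3".
 * Returns the first line's status, -1 if the following line was not read
 * back intact (the stream lost sync), or -2 if the temp file failed. */
static int demo(size_t len)
{
    char first[MAX_PATH], next[MAX_PATH];
    size_t i; int st;
    FILE *fp = tmpfile();
    if (!fp) return -2;
    for (i = 0; i < len; i++) fputc('A', fp);
    fputs("\nnext.mp3\n", fp);
    rewind(fp);
    st = read_playlist_line(fp, first);
    if (read_playlist_line(fp, next) != LINE_OK || strcmp(next, "next.mp3"))
        st = -1;
    fclose(fp);
    return st;
}

int main(void) { printf("%d %d %d\n", demo(100), demo(259), demo(5000)); return 0; }
```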