Vulnerability Details : CVE-2014-10024
Potential exploit
Multiple integer signedness errors in DirectShowDemuxFilter, as used in Divx Web Player, Divx Player, and other Divx plugins, allow remote attackers to execute arbitrary code via a (1) negative or (2) large value in a Stream Format (STRF) chunk in an AVI file, which triggers a heap-based buffer overflow.
Vulnerability category: OverflowExecute code
Products affected by CVE-2014-10024
- cpe:2.3:a:divx:directshowdemuxfilter:*:*:*:*:*:*:*:*
- cpe:2.3:a:divx:web_player:*:*:*:*:*:*:*:*
- cpe:2.3:a:divx:player:*:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2014-10024
3.38%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 86 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2014-10024
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
|---|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
NIST |
CWE ids for CVE-2014-10024
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2014-10024
-
http://www.securityfocus.com/bid/67086
Divx Plugin Suite DirectShowDemuxFilter Heap Based Buffer Overflow Vulnerability
-
http://seclists.org/fulldisclosure/2014/Apr/283
Full Disclosure: Divx plugin suite heap-based buffer overflowExploit
Jump to