BlazeVideo HDTV Player Pro Stack-Based Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

A stack-based buffer overflow vulnerability has been identified in BlazeVideo HDTV Player Pro version 6.6.0.3. The issue arises from improper handling of user-supplied input in .plf playlist files. When the MediaPlayerCtrl.dll component parses a crafted .plf file, it uses PathFindFileNameA() to extract a filename from a URL-like string. This extracted value is then copied to a fixed-size stack buffer using an unchecked strcpy call. If the input exceeds the buffer size, it causes a stack overflow, potentially leading to arbitrary code execution under the user's context.

Impact

Exploitation of this vulnerability causes a stack-based buffer overflow, which can be leveraged to execute arbitrary code with the privileges of the user.

Reproduction

The vulnerability can be reproduced by creating a .plf file that includes a crafted URL-like string. This string should be long enough to exceed the buffer size when processed by the MediaPlayerCtrl.dll component. Once the .plf file is loaded into BlazeVideo HDTV Player Pro v6.6.0.3, the buffer overflow occurs, allowing for arbitrary code execution.