There isn't exactly a whole lot of detail here. All you've got posted on your blog are two screenshots of the PPStream call stack after a crash. There's no detail about what input causes the crash, nor any other details about how to make it exploitable. At present, it's not even clear (beyond your word, of course) that vulnerability even *is* exploitable. With more detail, it'd be easier to analyze this vulnerability and propose a fix to the developers of this application.
Thanks, Rohit Patnaik expose 0day wrote: > ****************************************************************************** > PPStream is the most huge p2p media player in the world. > There are two hundred million ppstream users in the world. > The vulnerability is exploitable,but I have no time to make it,you > could visit my blog for detai...@^ > welcome to http://0dayexpose.blogspot.com/ > > > COM Object - {D22DE742-04CD-4B5C-A8A3-82AB3DAEC43D} PPSMediaList Control > COM Object Filename : C:\PROGRA~1\PPStream\MList.ocx > RegKey Safe for Script: True > RegkeySafe for Init: True > KillBitSet: False > Company Name : PPStream Inc. > Version : V2.6.86.8900 > Web Site : http://www.ppstream.com > ******************************************************************************* > > ------------------------------------------------------------------------ > > _______________________________________________ > Full-Disclosure - We believe in it. > Charter: http://lists.grok.org.uk/full-disclosure-charter.html > Hosted and sponsored by Secunia - http://secunia.com/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
