<?xml version="1.0"?>
<?xml-stylesheet href="../fma_report_en.xslt" type="text/xsl" ?>

<advisory xml:space="preserve">
	<meta>
		<description>VMCPlayer 1.0 Denial of Service Vulnerability</description>
		<keywords>DoS, VMCPlayer.exe</keywords>
	</meta>

	<title>VMCPlayer 1.0 Denial of Service Vulnerability</title>
	<id>FMA-2011-006</id>

	<application>
		<name>VMCPlayer</name>
		<version>1.0</version>
		<url>http://files.videomobileconverter.com/vmcplayer.exe</url>
		<files>
			<file>
				<name>VMCPlayer.exe</name>
				<version>1.4.0.20</version>
				<md5>8a98ffbb404731f8f5ffbf3eaf30a327</md5>
			</file>
		</files>
		<verified>
			<os>
				<name>Windows XP SP3 Home Edition</name>
			</os>
		</verified>
	</application>
	
	<discovery>
		<found>2011.03.22</found>
		<vendor_notified>n/a</vendor_notified>
		<published>2013.03.24</published>
	</discovery>

	<vulnerabilities>
		<vulnerability>
			<name>Denial of Service Vulnerability during playback of a nonexistent file.</name>
			<type>DoS</type>
			<description>No fuzzing was actually required to find the Denial of Service issue in this application; simple functional testing was enough. As the threat level of this issue is almost none, we did not notify the vendor about it. The issue is published rather as a warning to software vendors that software testing should be performed before release, even if it is only the most basic functional testing. To trigger the vulnerability, manually enter an invalid file name in the OpenFileDialog (do not pick an existing file) and play the file. The application does not validate the input, which leads to a Denial of Service of VMCPlayer.</description>
			<exception>Access violation exception raised by null pointer dereference.</exception>
			<disasm>004043C0  /$  83EC 7C       SUB ESP,7C                               ;  Reserve 0x7C bytes of stack for locals
004043C3  |.  53            PUSH EBX                                 ;  Save EBX
004043C4  |.  55            PUSH EBP                                 ;  Save EBP
004043C5  |.  33DB          XOR EBX,EBX                              ;  EBX = 0
004043C7  |.  53            PUSH EBX                                 ;  Push 0 (presumably an argument for the call below)
004043C8  |.  53            PUSH EBX                                 ;  Push 0 again
004043C9  |.  8D5424 20     LEA EDX,DWORD PTR SS:[ESP+20]            ;  EDX = address of a stack slot
004043CD  |.  52            PUSH EDX                                 ;  Push that address
004043CE  |.  8BE9          MOV EBP,ECX                              ;  Keep ECX in EBP (ECX is presumably the object pointer; confirm against the caller)
004043D0  |.  8B85 A0000000 MOV EAX,DWORD PTR SS:[EBP+A0]            ;  EAX = pointer stored at offset 0xA0 from EBP; nothing in this listing checks it for zero
004043D6  |.  8B08          MOV ECX,DWORD PTR DS:[EAX]               ;  [www.FuzzMyApp.com] Null pointer dereference: the read of [EAX] faults when EAX is 0; a zero check before this load would avoid the crash
004043D8  |.  8D5424 20     LEA EDX,DWORD PTR SS:[ESP+20]            ;  EDX = address of a stack slot
004043DC  |.  52            PUSH EDX                                 ;  Push that address
004043DD  |.  50            PUSH EAX                                 ;  Push the pointer loaded from [EBP+A0]
004043DE  |.  8B41 0C       MOV EAX,DWORD PTR DS:[ECX+C]             ;  EAX = function pointer at offset 0xC of the table read from [EAX]; called on the next line (looks like a virtual-method call, confirm)
004043E1  |.  FFD0          CALL EAX</disasm>
            <images>
			<image>
					<thumbnail>
						<src>image01s.png</src>
						<width>100</width>
						<height>60</height>
					</thumbnail>
					<src>image01.png</src>
					<alt>Access violation exception raised by null pointer dereference.</alt>
					<text>Access violation exception raised by null pointer dereference.</text>
				</image>
            </images>
		</vulnerability>	
	</vulnerabilities>
	
</advisory>