View Single Post
  #1 (permalink)  
Old 23rd September 2008
robert334 robert334 is offline
Junior Member
BS.player Regular User
Join Date: Mar 2007
Posts: 15
Rep Power: 0
robert334 is an unknown quantity at this point
Default [NOT A SECURITY HOLE ACTUALLY] BSPlayer security hole

How can command embedded into Avi?
BSPlayer 2.27 Buil 959
I guess someone has discovered a security hole and testing it now.
Doubleclicking plays avi and then starts a unrar command ...
How can playing avi start a unrar program????? whatever it may start then?????

I uploaded an avi segment 576x352 distorted to 240.avi (130k) to (clean)

The file was "repaired" to 576x352.avi and uploaded by another forum member and uploaded (not suspcious, until played with BS Player)

Now when started with doubleclick, the "repaired" avi plays with BSPlayer and then visibly unpacks the closest rar (which is a music mp3 album) into user temp folder which starts to play when 1-2 second video stops.

Right now doen't seem to have done any harm to system but needs checking ... when I have time.
Reply With Quote

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20