JetAudio and JetVideo media player vulnerability allows arbitrary code execution

An arbitrary code execution in the JetAudio Basic (v8.1.3) and JetVideo media players for Windows allows potential attackers to craft a malicious .asf file that could compromise a user’s PC, warns Bitdefender.

The JetAudio Basic and JetVideo software applications enable playback of commonly used audio and video files on Windows. When the JXVidInfo.dll file parses the ASF file’s codec entries, playing a movie or watching a video could have serious repercussions.

Once the DLL file is parsed, each codec name in a structure, previously defined on the stack, is copied by the code, but it does not validate the number of codec entries. Consequently, for a large number of codecs, the stack is then overwritten.

This JXVidInfo.dll file is a video info plugin for JetAudio that is exclusive to JetAudio Inc. As a significant component of the two applications, the same vulnerability can be reproduced on both JetAudio Basic and movie-playing product JetVideo.

“Considering the trivial exploitation of the vulnerability, an attacker could weaponise an .asf file as part of a spear-phishing attack and cause a serious amount of damage,” states Catalin Cosoi, Chief Security Strategist at Bitdefender. “Knowing the victim has one of the two media players installed on his local machine could turn this vulnerability into a valuable weapon in seizing control of the host.”

“Whether a drive-by download or malicious email attachment, the payload could be manipulated to execute any tool, process or service that an attacker would need to elevate their privileges on the targeted host.”

Bitdefender managed to overwrite the Structure Exception Handling in Windows so that code can be executed. The proof-of-concept exploit works on Windows XP and Windows 7, since these feature Data Execution Prevention. For Windows 8 and above, Structured Exception Handling Overwrite Protection is enabled by default, preventing Bitdefender’s proof-of-concept from running.