[VIM] Media .MID file DoS extra info
Steven M. Christey
coley at linus.mitre.org
Fri Dec 15 16:26:06 EST 2006
ref: Windows Media MID File Denial Of Service Vulnerability
http://www.securityfocus.com/archive/1/archive/1/454505/100/0/threaded
A .MID specification is here:
http://www.sonicspot.com/guide/midifiles.html
Looking at the header chunk, the following things are of note:
1) number of tracks is 0, but is expected to be 1 or more.
2) time division is zero, but is probably expected to be non-zero.
Suppositions regarding what bugs a "0" in a field called "division" might
trigger are welcome.
3) Only the header chunk is provided; given assumption of 1 or more
tracks, the "missing track" might also be an issue independent of the 0
value in item 1.
I don't know what is causing the issue, but the above items may be
relevant.
- Steve
More information about the VIM
mailing list