Xion Audio Player build 155 Stack Based BOF

2015.08.28

Credit: Un_N0n

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: CWE-79

********************************************************************************************
# Exploit Title: Xion Audio Player build 155 Stack Based BOF.
# Date: 8/19/2015
# Exploit Author: Un_N0n
# Software Vendor : http://www.xionplayer.com
# Software Link: http://www.xionplayer.com/page/download
# Version: 1.5 (Build 155)
# Tested on: Windows 7 x86(32 BIT)
********************************************************************************************
[Steps to Produce the Crash]:
1- open 'Xion.exe'.
2- Drag the malformed MP3 file into Xion Audio Player.
~ Software will Crash.
[Creating Malformed MP3 File?]:
>Replace the details of the legit MP3 file with large number of "A"s or any other random value.
**********************************************************************************************

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Xion Audio Player build 155 Stack Based BOF

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.