Serenity Media Player Buffer Overflow

2015.08.26

Credit: Team CSW

Risk: Medium

Local: Yes

Remote: No

CVE: N/A

CWE: CWE-119

Hi List:
This issue was disclosed and was acknowledged as public disclosure on
http://openwall.com/lists/oss-security/2015/08/24/2
We request for a CVE on the below mentioned vulnerability.
Below is the detailed information about the exploit code and POC video.
Exploit code and stack trace:
https://github.com/cybersecurityworks/Diclosed/blob/master/Serenity%20audio%20Player%203.2.3%20SEH%20Buffer%20Overflow
<https://www.google.com/url?q=https%3A%2F%2Fgithub.com%2Fcybersecurityworks%2FDiclosed%2Fblob%2Fmaster%2FSerenity%2520audio%2520Player%25203.2.3%2520SEH%2520Buffer%2520Overflow&sa=D&sntz=1&usg=AFQjCNF6zuK_VDbA7UI72gJoxHFlzV7LpA>
Exploit Video POC
https://youtu.be/ZMC-URZagMg
Note : Vulnerability was discovered by below mentioned person and
organization. Credit for this vulnerability is requested for following :
*Discover Credit:*
*Arjun Basnet from Cyber Security Works Pvt Ltd*
*----*
Thanks in advance
Team CSW

References:

https://youtu.be/ZMC-URZagMg

http://openwall.com/lists/oss-security/2015/08/24/2

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Serenity Media Player Buffer Overflow

References:

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.