Vendor: ALPlayer
By: Gjoko 'LiquidWorm' Krstic
CVSS: 9.3 (HIGH)
Type: Buffer Overflow
CWE: 119
Product Name: ALPlayer
Affected Version From: 2.0.0.4
Affected Version To: 2.0.0.4
Patch Exists: Yes
Related CWE: N/A
CPE: a:estsoft:alplayer:2.0.0.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Microsoft Windows XP Professional SP3 (EN)
2011

ESTsoft ALPlayer 2.0 ASX Playlist File Handling Buffer Overflow Vulnerability

The vulnerability is caused by a boundary error in the processing of a playlist file, which can be exploited to cause a stack-based buffer overflow when a user opens a specially crafted .asx file. Successful exploitation may allow execution of arbitrary code.

Mitigation:

Upgrade to the latest version of ALPlayer

Exploit-DB raw data:

ESTsoft ALPlayer 2.0 ASX Playlist File Handling Buffer Overflow Vulnerability


Vendor: ESTsoft Corp.
Product web page: http://www.altools.com
Affected version: 2.0.0.4

Summary: ALPlayer (former ALShow) is an easy-to-use media player that
comes equipped with plenty of codecs, and it's prepared to download more
if needed.

Desc: The vulnerability is caused due to a boundary error in the processing
of a playlist file, which can be exploited to cause a stack-based buffer
overflow when a user opens e.g. a specially crafted .asx file. Successful
exploitation may allow execution of arbitrary code.

-------------------------------------------------------------------------

(188.820): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0095c8e0 ebx=0012e560 ecx=00004141 edx=00ce4fc0 esi=026d1902 edi=0012e5ac
eip=7855c776 esp=0012e458 ebp=0012e468 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00210246
MSVCR90!_isspace_l+0x3b:
7855c776 0fb70448        movzx   eax,word ptr [eax+ecx*2] ds:0023:00964b62=????

-------------------------------------------------------------------------


Tested on: Microsoft Windows XP Professional SP3 (EN)


Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
                            @zeroscience


Advisory ID: ZSL-2011-5023
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5023.php


06.07.2011

PoC:
 - http://www.zeroscience.mk/codes/alplayer_bof.rar
 - https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/17497.rar (alplayer_bof.rar)