ESTsoft ALPlayer 2.0 ASX Playlist File Handling Buffer Overflow Vulnerability

Vendor: ESTsoft Corp.
Product web page: http://www.altools.com
Affected version: 2.0.0.4

Summary: ALPlayer (formerly ALShow) is an easy-to-use media player that
comes equipped with plenty of codecs, and it's prepared to download more
if needed.

Desc: The vulnerability is caused by a boundary error in the processing
of a playlist file, which can be exploited to cause a stack-based buffer
overflow when a user opens, e.g., a specially crafted .asx file. Successful
exploitation may allow execution of arbitrary code.

-------------------------------------------------------------------------

(188.820): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0095c8e0 ebx=0012e560 ecx=00004141 edx=00ce4fc0 esi=026d1902 edi=0012e5ac
eip=7855c776 esp=0012e458 ebp=0012e468 iopl=0 nv up ei pl zr na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210246
MSVCR90!_isspace_l+0x3b:
7855c776 0fb70448 movzx eax,word ptr [eax+ecx*2] ds:0023:00964b62=????

-------------------------------------------------------------------------

Tested on: Microsoft Windows XP Professional SP3 (EN)

Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
@zeroscience

Advisory ID: ZSL-2011-5023
Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5023.php

06.07.2011

PoC:
- http://www.zeroscience.mk/codes/alplayer_bof.rar
- https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/17497.rar (alplayer_bof.rar)