29 lines
No EOL
1.6 KiB
Text
29 lines
No EOL
1.6 KiB
Text
# Exploit Title: POTPLAYER 1.6.5x MP3 CRASH POC
|
|
# Date: 08-02-2016
|
|
# Exploit Author: Shantanu Khandelwal
|
|
# Vendor Homepage: https://potplayer.daum.net/
|
|
# Software Link: (32-Bit) http://get.daum.net/PotPlayer/v3/PotPlayerSetup.exe
|
|
# Software Link: (64-Bit) http://get.daum.net/PotPlayer64/v3/PotPlayerSetup64.exe
|
|
# Version: 1.6.5x
|
|
# Tested on: Windows XP Sp3,Windows 8,Windows 10
|
|
# CVE : unknown at the moment
|
|
#============================================================================================
|
|
#Description: Read Access Violation on Block Data Mo#ve #Short Description:
|
|
ReadAVonBlockMove #Exploitability Classification: PROBABLY_EXPLOITABLE
|
|
#============================================================================================
|
|
#==================================================
|
|
#(8a4.d54): Access violation - code c0000005 (first chance) #First chance
|
|
exceptions are reported before any exception handling. #This exception may
|
|
be expected and handled. #eax=05d46659 ebx=05bb2998 ecx=00000011
|
|
edx=00000000 esi=05c68ffd edi=0012edd4 #eip=01b62e1e esp=0012e9dc
|
|
ebp=0363ad80 iopl=0 nv up ei pl nz ac po nc #cs=001b ss=0023 ds=0023
|
|
es=0023 fs=003b gs=0000 efl=00010212 #*** ERROR: Symbol file could not be
|
|
found. Defaulted to export symbols for C:\Program
|
|
Files\DAUM\PotPlayer\PotPlayer.dll -
|
|
#===========================================================
|
|
|
|
POTPLAYER has buffer overflow in png parser of image of MP3 offset 5B .
|
|
Crash is because of '\x22' at offset 5B
|
|
|
|
Proof of Concept:
|
|
https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/39428.zip |