AtomixMP3 M3U File Path Buffer Overflow Vulnerability
BID:21380
Info
AtomixMP3 M3U File Path Buffer Overflow Vulnerability
| Bugtraq ID: | 21380 |
| Class: | Boundary Condition Error |
| CVE: |
CVE-2006-6287 |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 01 2006 12:00AM |
| Updated: | Oct 10 2008 05:38PM |
| Credit: | Greg Linares is credited with the discovery of this vulnerability. |
| Vulnerable: |
AtomixMP3 AtomixMP3 2.3 |
| Not Vulnerable: | |
Discussion
AtomixMP3 M3U File Path Buffer Overflow Vulnerability
AtomixMP3 is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized memory buffer.
Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.
This issue affects AtomixMP3 2.3 and prior versions.
AtomixMP3 is prone to a buffer-overflow vulnerability because the application fails to properly verify the size of user-supplied data before copying it into an insufficiently sized memory buffer.
Exploiting this issue allows remote attackers to execute arbitrary machine code in the context of the user running the affected application. Failed exploit attempts will likely crash applications, denying service to legitimate users.
This issue affects AtomixMP3 2.3 and prior versions.
Exploit / POC
AtomixMP3 M3U File Path Buffer Overflow Vulnerability
The following proof-of-concept M3U metadata is available:
#EXTM3U
#EXTINF:0,TITLE
C:\ + [BUFFER x 520 bytes] + [JMP] + [SHELLCODE in ESP]
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
The following proof-of-concept M3U metadata is available:
#EXTM3U
#EXTINF:0,TITLE
C:\ + [BUFFER x 520 bytes] + [JMP] + [SHELLCODE in ESP]
Core Security Technologies has developed a working commercial exploit for its CORE IMPACT product. This exploit is not otherwise publicly available or known to be circulating in the wild.
Solution / Fix
AtomixMP3 M3U File Path Buffer Overflow Vulnerability
Solution:
Currently we are not aware of any solutions for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any solutions for these issues. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].