QuickPlayer '.m3u' File Buffer Overflow Vulnerability

Bugtraq ID:	30252
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Jul 16 2008 12:00AM
Updated:	Sep 30 2010 04:00AM
Credit:	Shinnok <[email protected]>
Vulnerable:	M.J.M Quick Player 1.3
Not Vulnerable:

QuickPlayer '.m3u' File Buffer Overflow Vulnerability

QuickPlayer is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input.

Successfully exploiting this issue may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.

QuickPlayer 1.3 is vulnerable; other versions may also be affected.

QuickPlayer '.m3u' File Buffer Overflow Vulnerability

To exploit this issue, an attacker must entice an unsuspecting user to open a malicious file using the affected application.

The following exploits are available:

• /data/vulnerabilities/exploits/30252.py
• /data/vulnerabilities/exploits/30252-1.py
• /data/vulnerabilities/exploits/30252-2.py
• /data/vulnerabilities/exploits/30252-3.py

QuickPlayer '.m3u' File Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

QuickPlayer '.m3u' File Buffer Overflow Vulnerability

References:

• Vendor Homepage (M.J.M)