CoolPlayer M3U File Buffer Overflow Vulnerability

Bugtraq ID:	30418
Class:	Boundary Condition Error
CVE:	CVE-2008-3408 CVE-2009-1437
Remote:	Yes
Local:	No
Published:	Jul 29 2008 12:00AM
Updated:	Jul 05 2016 09:38PM
Credit:	Guido Landi
Vulnerable:	CoolPlayer CoolPlayer+ Portable 2.19.2 CoolPlayer CoolPlayer+ Portable 2.19.1 CoolPlayer CoolPlayer 219 CoolPlayer CoolPlayer 218 CoolPlayer CoolPlayer 217 CoolPlayer CoolPlayer 216 CoolPlayer CoolPlayer 215
Not Vulnerable:

CoolPlayer M3U File Buffer Overflow Vulnerability

CoolPlayer is prone a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

The issue occurs when handling specially crafted M3U files.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.

CoolPlayer M3U File Buffer Overflow Vulnerability

The following proofs of concept and exploits are available:

• /data/vulnerabilities/exploits/30418.pl
• /data/vulnerabilities/exploits/30418-2.pl
• /data/vulnerabilities/exploits/30418-5.pl
• /data/vulnerabilities/exploits/30418-3.py
• /data/vulnerabilities/exploits/30418-6.pl
• /data/vulnerabilities/exploits/30418-7.pl
• /data/vulnerabilities/exploits/30418_3.pl
• /data/vulnerabilities/exploits/30418.rb
• /data/vulnerabilities/exploits/30418-2.rb
• /data/vulnerabilities/exploits/30418-8.py
• /data/vulnerabilities/exploits/30418-9.py.txt
• /data/vulnerabilities/exploits/30418-3.rb.txt
• /data/vulnerabilities/exploits/30418-4.py

CoolPlayer M3U File Buffer Overflow Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

CoolPlayer M3U File Buffer Overflow Vulnerability

References:

• CoolPlayer Web Site (CoolPlayer)