CoolPlayer m3u playlist processing filename buffer overflow

2008-08-13T00:00:00
ID: SAINT:828429E977E5AEA87A468A5196CCF39C
Type: saint
Reporter: SAINT Corporation
Modified: 2008-08-13T00:00:00

Description

Added: 08/13/2008
CVE: CVE-2008-3408
BID: 30418
OSVDB: 47194

Background

CoolPlayer is a free audio player for Windows platforms.

Problem

A buffer overflow vulnerability in CoolPlayer allows command execution when a user opens an m3u playlist file containing a specially crafted filename.

Resolution

Upgrade to CoolPlayer build 220 (which will presumably contain a fix) or higher when available.
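While no fixed build is available, playlists from untrusted sources can be screened before they are opened. The following is an added example, not part of the SAINT advisory or of CoolPlayer: it flags m3u filename entries that are implausibly long or contain control bytes. The advisory does not state the size of the affected buffer, so the 260-character cut-off (Windows MAX_PATH) and the function name `screen_m3u` are assumptions.

```python
import re

# Assumption: the advisory gives no buffer size, so Windows MAX_PATH (260)
# is used as the upper bound for a plausible filename entry.
MAX_ENTRY_LEN = 260
UTF8_BOM = b"\xef\xbb\xbf"
# Control bytes that have no place in a file path (tab/CR/LF excluded).
CONTROL_BYTES = re.compile(rb"[\x00-\x08\x0e-\x1f\x7f]")


def screen_m3u(data: bytes, max_len: int = MAX_ENTRY_LEN):
    """Return (line_number, entry_length, reason) for each suspicious entry."""
    if data.startswith(UTF8_BOM):
        data = data[len(UTF8_BOM):]
    findings = []
    # bytes.splitlines() handles \n, \r\n and bare \r line endings.
    for lineno, raw in enumerate(data.splitlines(), start=1):
        entry = raw.strip()
        # Blank lines and #EXTM3U / #EXTINF directives are not filenames.
        if not entry or entry.startswith(b"#"):
            continue
        if len(entry) > max_len:
            findings.append((lineno, len(entry), "entry longer than max_len"))
        elif CONTROL_BYTES.search(entry):
            findings.append((lineno, len(entry), "control bytes in entry"))
    return findings


# Constructed sample playlist: one ordinary entry and one oversized entry.
SAMPLE = (
    b"#EXTM3U\r\n"
    b"#EXTINF:215,Artist - Title\r\n"
    b"C:\\Music\\track01.mp3\r\n"
    + b"A" * 1024 + b".mp3\r\n"
)

if __name__ == "__main__":
    for lineno, length, reason in screen_m3u(SAMPLE):
        print(f"line {lineno}: {reason} ({length} bytes)")
```

A playlist that produces findings should be quarantined rather than opened in CoolPlayer build 219.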

References

<http://secunia.com/advisories/31294/>

Limitations

Exploit works on CoolPlayer build 219 and requires the user to open the exploit file in CoolPlayer.

Platforms

Windows 2000
Windows XP