ACE Stream Media 2.1 (acestream://) Format String Exploit PoC

Title: ACE Stream Media 2.1 (acestream://) Format String Exploit PoC
Advisory ID: ZSL-2014-5165
Type: Local/Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 02.01.2014
Summary
Ace Stream is an innovative multimedia platform of a new generation, which includes different products and solutions for ordinary Internet users as well as for professional members of the multimedia market. At its core, Ace Stream uses P2P (peer-to-peer) technology and the BitTorrent protocol, which is acknowledged as the most effective protocol to transfer/deliver 'heavy content'.
Description
ACE Stream Media (Ace Player HD) is prone to a remote format string vulnerability because the application fails to properly sanitize user-supplied input passed through a URI using the 'acestream://' protocol before including it in the format-specifier argument of a formatted-printing function. A remote attacker may exploit this issue to execute arbitrary code with the privileges of the user running the affected application and/or cause memory address disclosure. Failed exploit attempts may cause denial-of-service (DoS) conditions.
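The bug class described above, shown as an added example that is not code from Ace Stream or from the advisory: the hardened form passes the URI as data to a constant format, and a checker counts printf-style conversions in a URI for use in regression tests and log triage. The function names `render_uri` and `count_conversions` are hypothetical and the sample URI is constructed; the advisory does not name the affected printing function.

```c
#include <stdio.h>
#include <string.h>

/* VULNERABLE pattern from the advisory's description, kept as a comment so it
 * is never compiled: the URI itself is the format argument.
 *     snprintf(out, sizeof out, uri);
 * HARDENED: the format is a constant, the URI is passed only as data. */
const char *render_uri(const char *uri)
{
    static char out[256];               /* not thread-safe; demo only */
    snprintf(out, sizeof out, "%s", uri);
    return out;
}

/* Count printf-style conversion specifications in s; "%%" is a literal
 * percent and is not counted. A non-zero result on a URI that reaches a
 * log or title string is worth flagging in tests and triage. */
size_t count_conversions(const char *s)
{
    size_t hits = 0;
    for (const char *p = s; *p; p++) {
        if (*p != '%')
            continue;
        const char *q = p + 1;
        if (*q == '%') { p = q; continue; }          /* escaped percent */
        q += strspn(q, "-+ #0");                     /* flags */
        q += strspn(q, "0123456789*");               /* field width */
        if (*q == '.')
            q += 1 + strspn(q + 1, "0123456789*");   /* precision */
        q += strspn(q, "hlLjzt");                    /* length modifier */
        if (*q && strchr("diouxXeEfFgGaAcspn", *q)) {
            hits++;
            p = q;
        }
    }
    return hits;
}

int main(void)
{
    const char *uri = "acestream://%x.%x";  /* constructed sample input */
    printf("conversions=%zu rendered=%s\n",
           count_conversions(uri), render_uri(uri));
    return 0;
}
```

With the constant format the rendered string is byte-for-byte the input, so any difference between input and output in a test indicates that the input reached a format argument.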
Vendor
ACE Stream - http://www.acestream.org
Affected Version
2.1.10.1 (Ace Player HD 2.1.9 (VLC 2.0.5))
Tested On
Microsoft Windows 7 Professional SP1 (EN) 64bit
Vendor Status
N/A
PoC
acestream.txt
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://cxsecurity.com/issue/WLB-2014010009
[2] http://packetstormsecurity.com/files/124654
[3] http://secunia.com/advisories/55763/
[4] http://osvdb.org/show/osvdb/101697
[5] http://www.securityfocus.com/bid/64658
[6] http://www.exploit-db.com/exploits/30666/
[7] http://www.vfocus.net/art/20140109/11308.html
[8] http://www.securitylab.ru/poc/448868.php
Changelog
[02.01.2014] - Initial release
[04.01.2014] - Added reference [1], [2] and [3]
[05.01.2014] - Added reference [4]
[06.01.2014] - Added reference [5]
[08.01.2014] - Added reference [6]
[13.01.2014] - Added reference [7]
[09.02.2014] - Added reference [8]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk