
Zortam MP3 Player 1.50 (m3u) Integer Division by Zero Exploit

Low
Advisory ID: ZSL-2009-4921
Release Date: 16 July 2009
Vendor: Zortam Corp. - http://www.zortam.com
Affected Version: 1.50
CVE: N/A
Tested On: Microsoft Windows XP Professional SP3 (English)
Summary

Zortam Mp3 Player will enable you to listen to all your favorite tracks and at the same time enjoy a show of lights and images visualizing the covers of your albums and song lyrics.

Description

Zortam Mp3 Player is vulnerable to an integer division by zero when handling .m3u files, resulting in a denial of service and possibly loss of data.

(1c0.7f8): Integer divide-by-zero - code c0000094 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0000000d ebx=0019be80 ecx=00000000 edx=00000000 esi=0180f5dc edi=0000000a
eip=0040f294 esp=0012f588 ebp=0180f570 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210212
*** ERROR: Symbol file could not be found. Defaulted to export symbols for zPlayer.exe -
zPlayer+0xf294:
0040f294 f7f9 idiv eax,ecx
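The faulting instruction above is a signed idiv with ecx=0, so code that divides by a value taken from an untrusted playlist has to validate the divisor before dividing. The following is an added example, not part of the original advisory and not zPlayer code; the helper name, the caller and the sample values are hypothetical, and it goes beyond the crash shown by also rejecting INT32_MIN / -1, which faults on the same instruction.

```c
#include <limits.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical helper (not from zPlayer): signed 32-bit division that
 * rejects the two operand pairs on which x86 `idiv` raises an exception. */
static bool checked_div_i32(int32_t num, int32_t den, int32_t *quot)
{
    if (den == 0)                      /* the ecx=00000000 case in the dump */
        return false;
    if (num == INT32_MIN && den == -1) /* quotient does not fit in 32 bits */
        return false;
    *quot = num / den;
    return true;
}

/* Hypothetical caller: both operands are assumed to come from fields of an
 * untrusted playlist. A failed division rejects the file instead of
 * crashing the player. Returns 0 on success, -1 if the input is rejected. */
static int scale_from_playlist(int32_t total, int32_t count, int32_t *out)
{
    if (!checked_div_i32(total, count, out)) {
        *out = 0;
        return -1;
    }
    return 0;
}

int main(void)
{
    int32_t r;
    /* Constructed sample values; 13 / 0 mirrors eax=0000000d, ecx=00000000. */
    const int32_t samples[][2] = { {13, 0}, {13, 4}, {INT32_MIN, -1} };
    for (size_t i = 0; i < sizeof samples / sizeof samples[0]; i++) {
        int rc = scale_from_playlist(samples[i][0], samples[i][1], &r);
        printf("%ld / %ld -> rc=%d result=%ld\n",
               (long)samples[i][0], (long)samples[i][1], rc, (long)r);
    }
    return 0;
}
```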
Proof of Concept
Disclosure Timeline
N/A
Credits
Vulnerability discovered by Gjoko Krstic
References
Changelog
16.07.2009 - Initial release