Description
Media Jukebox 12 suffers from a heap overflow vulnerability when processing .mp3 files and its metadata (ID3 tags). When a malicious .mp3 file is played the application pops out an error message and crashes. The ECX register gets overwritten allowing the attacker the possibility of system access remotely or localy.
(8c0.858): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000041 ebx=03643868 ecx=0b1d6000 edx=0b2e7d5c esi=00000000 edi=0b323468
eip=0ae2545f esp=0012dc80 ebp=0012dda0 iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010206
in_mp3!GetFileInfo+0x3bfcf:
0ae2545f 668901 mov word ptr [ecx],ax ds:0023:0b1d6000=????
0:000> g
Heap corruption detected at 0B1D5018
(8c0.858): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0b1d3008 ebx=06f40178 ecx=41414141 edx=8b5f0000 esi=0b1d3000 edi=06f40000
eip=7c9108d3 esp=0012d1d8 ebp=0012d294 iopl=0 nv up ei pl nz na po cy
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010203
ntdll!wcsncpy+0x374:
7c9108d3 8902 mov dword ptr [edx],eax ds:0023:8b5f0000=????????