← Advisories

ESTsoft ALPlayer 2.0 ASX Playlist File Handling Buffer Overflow Vulnerability

High

Advisory ID

ZSL-2011-5023

Release Date

06 July 2011

Vendor

ESTsoft Corp. - http://www.altools.com

Affected Version

2.0.0.4

CVE

N/A

Tested On

Microsoft Windows XP Professional SP3 (EN)

Summary

ALPlayer (former ALShow) is an easy-to-use media player that comes equipped with plenty of codecs, and it's prepared to download more if needed.

Description

The vulnerability is caused due to a boundary error in the processing of a playlist file , which can be exploited to cause a stack-based buffer overflow when a user opens e.g. a specially crafted .asx file. Successful exploitation may allow execution of arbitrary code.

(188.820): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0095c8e0 ebx=0012e560 ecx=00004141 edx=00ce4fc0 esi=026d1902 edi=0012e5ac
eip=7855c776 esp=0012e458 ebp=0012e468 iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00210246
MSVCR90!_isspace_l+0x3b:
7855c776 0fb70448        movzx   eax,word ptr [eax+ecx*2] ds:0023:00964b62=????

Proof of Concept

alplayer_bof.txtTXT

alplayer_bof.rarRAR

Disclosure Timeline

N/A

Credits

Vulnerability discovered by Gjoko Krstic

References

[1]http://www.exploit-db.com/exploits/17497/

[2]http://packetstormsecurity.org/files/102865

[3]http://www.securityfocus.com/bid/48583

[4]http://securityreason.com/exploitalert/10600

Changelog

06.07.2011Initial release

07.07.2011Added reference [2] and [3]

09.07.2011Added reference [4]