Zortam MP3 Player 1.50 (m3u) Integer Division by Zero Exploit

Title: Zortam MP3 Player 1.50 (m3u) Integer Division by Zero Exploit
Advisory ID: ZSL-2009-4921
Type: Local/Remote
Impact: DoS
Risk: (1/5)
Release Date: 16.07.2009
Summary
Zortam Mp3 Player will enable you to listen all your favorite tracks and at the same time enjoy a show of lights and images visualizing the covers of your albums and song lyrics.
Description
Zortam Mp3 Player suffers from a division by zero attack when handling .m3u files, resulting in denial of service vulnerability and possibly loss of data.

--------------------------------------------------------------------------------

(1c0.7f8): Integer divide-by-zero - code c0000094 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=0000000d ebx=0019be80 ecx=00000000 edx=00000000 esi=0180f5dc edi=0000000a
eip=0040f294 esp=0012f588 ebp=0180f570 iopl=0 nv up ei pl nz ac po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210212
*** ERROR: Symbol file could not be found. Defaulted to export symbols for zPlayer.exe -
zPlayer+0xf294:
0040f294 f7f9 idiv eax,ecx

--------------------------------------------------------------------------------

Vendor
Zortam Corp. - http://www.zortam.com
Affected Version
1.50
Tested On
Microsoft Windows XP Professional SP3 (English)
Vendor Status
N/A
PoC
zortam_zero.pl
Credits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>
References
[1] http://www.milw0rm.com/exploits/9168
[2] http://packetstormsecurity.org/filedesc/zortam-zero.txt.html
[3] http://securityreason.com/exploitalert/6626
[4] http://www.vfocus.net/art/20090717/5510.html
Changelog
[16.07.2009] - Initial release
Contact
Zero Science Lab

Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk