Buffer Overflow Vulnerability in ALLPlayer Versions 5.6.2 to 5.8.1
CVE-2013-7409

Currently unrated

Key Information:

Vendor

Allplayer

Status
Allplayer
Vendor
CVE Published:
30 October 2014

Badges

๐Ÿ‘พ Exploit Exists๐ŸŸก Public PoC๐ŸŸฃ EPSS 82%

What is CVE-2013-7409?

A buffer overflow vulnerability exists in ALLPlayer versions 5.6.2 through 5.8.1, which can be exploited by remote attackers. By sending a specially crafted .m3u playlist file containing excessively long strings, an attacker might cause the application to crash or potentially execute arbitrary code. Users of these versions are advised to update to the latest version and exercise caution with untrusted playlist files.

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2013-7409 - Proof of Concept

CVE-2013-7409 - Proof of Concept

CVE-2013-7409 - Proof of Concept

References

http://packetstormsecurity.com/files/123986/ALLPlayer-5.6...
x_refsource_MISC
http://www.securityfocus.com/bid/62926
vdb-entryx_refsource_BID
http://www.exploit-db.com/exploits/29798
exploitx_refsource_EXPLOIT-DB

EPSS Score

82% chance of being exploited in the next 30 days.

Timeline

  • ๐ŸŸก

    Public PoC available

  • ๐Ÿ‘พ

    Exploit known to exist

  • Vulnerability published

  • Vulnerability Reserved

.