BS.Player v2.51 build 1022 (Media Library) Remote Buffer Overflow Vulnerability

Ever since the very beginning in the year 2000, the BS.Player™ has been one of the world’s most popular video players. It is popular for many reasons. One however should be pointed out: BS.Player™ is the first software movie player ever to enable its users to focus on watching the movie instead of dealing with poor computer capabilities or running around looking for a proper setting and codec. Also, it has very low CPU and RAM requirements.

BS.Player and its Media Library feature are prone to a buffer overflow vulnerability because the application fails to perform adequate boundary checks when processing an MP3 file and its metadata. When the evil .mp3 file is loaded in Media Library > Audio, launched from BS.Player, the application crashes instantly, showing that ECX and EIP were overwritten, which enables an attacker to gain full access to the application’s memory and execute arbitrary code.

Version tested: 2.41 build 1003 and 2.51 build 1022

PoC:

http://zeroscience.mk/codes/aimp2_evil.mp3

[mirror] http://milw0rm.com/sploits/2009-aimp2_evil.mp3
[mirror] http://securityreason.com/download/11/13

More INFO: http://zeroscience.mk/mk/vulnerabilities/ZSL-2010-4932.php
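The boundary check whose absence is described above, as an added example; it is not BS.Player's code and not part of the original advisory. It assumes the metadata is an ID3v2.3 tag with no header flags set (the advisory does not name the affected field); `id3_copy_text`, `make_sample`, `demo` and the 64-byte destination are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>
enum { ID3_MALFORMED = -1, ID3_NOT_FOUND = -2, ID3_TOO_LONG = -3 };

/* Copy the text of ID3v2.3 frame `id` into dst[cap]; reject instead of overflowing. */
int id3_copy_text(const uint8_t *buf, size_t len, const char *id, char *dst, size_t cap)
{
    if (strlen(id) != 4 || len < 10 || memcmp(buf, "ID3\x03", 4) != 0 || buf[5] != 0)
        return ID3_MALFORMED;
    if ((buf[6] | buf[7] | buf[8] | buf[9]) & 0x80) return ID3_MALFORMED; /* synchsafe size */
    size_t tag = ((size_t)buf[6] << 21) | ((size_t)buf[7] << 14) | ((size_t)buf[8] << 7) | buf[9];
    if (tag > len - 10) return ID3_MALFORMED;          /* tag claims more than the file holds */
    size_t pos = 10, end = 10 + tag;
    while (end - pos >= 10 && buf[pos] != 0) {         /* a zero byte starts padding */
        const uint8_t *h = buf + pos;
        size_t fsize = ((size_t)h[4] << 24) | ((size_t)h[5] << 16) | ((size_t)h[6] << 8) | h[7];
        if (fsize > end - pos - 10) return ID3_MALFORMED;   /* frame runs past the tag */
        if (memcmp(h, id, 4) == 0) {
            if (fsize == 0) return ID3_MALFORMED;      /* encoding byte is missing */
            if (fsize - 1 >= cap) return ID3_TOO_LONG; /* no room for text plus NUL */
            memcpy(dst, h + 11, fsize - 1);            /* h + 10 is the encoding byte */
            dst[fsize - 1] = '\0';
            return (int)(fsize - 1);
        }
        pos += 10 + fsize;
    }
    return ID3_NOT_FOUND;
}

/* Constructed sample: a v2.3 tag holding one TIT2 frame with n filler bytes of text. */
size_t make_sample(uint8_t *out, size_t n)
{
    size_t f = n + 1, t = f + 10;   /* frame size (+encoding byte), tag size (+frame header) */
    const uint8_t hdr[21] = { 'I', 'D', '3', 3, 0, 0, (t >> 21) & 0x7f, (t >> 14) & 0x7f,
        (t >> 7) & 0x7f, t & 0x7f, 'T', 'I', 'T', '2', (f >> 24) & 0xff, (f >> 16) & 0xff,
        (f >> 8) & 0xff, f & 0xff, 0, 0, 0 };   /* last three: frame flags, encoding 0 */
    memcpy(out, hdr, sizeof hdr);
    memset(out + sizeof hdr, 'x', n);
    return sizeof hdr + n;
}

/* Parse a sample into a fixed 64-byte field, optionally with `cut` bytes missing at the end. */
int demo(size_t n, size_t cut)
{
    static uint8_t file[4096];
    char title[64];
    if (n > sizeof file - 21 || cut > 21 + n) return ID3_MALFORMED;
    return id3_copy_text(file, make_sample(file, n) - cut, "TIT2", title, sizeof title);
}
```

Every length taken from the file is compared against the bytes actually present and against the destination size before `memcpy` runs, so an oversized or truncated tag is rejected rather than copied.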
