Nero ShowTime 5.0.15.0 m3u Playlist File Remote Buffer Overflow PoC
Title: Nero ShowTime 5.0.15.0 m3u Playlist File Remote Buffer Overflow PoC
Advisory ID: ZSL-2008-4902
Type: Local/Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 24.11.2008
[2] http://secunia.com/advisories/32850/
[3] http://www.milw0rm.com/exploits/7207
[4] http://www.packetstormsecurity.org/filedesc/showtime_bof.pl.txt.html
[5] http://www.securityfocus.com/bid/32446
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7079
[7] http://osvdb.org/50199
[8] http://www.exploit-db.com/exploits/7207
Web: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk
Advisory ID: ZSL-2008-4902
Type: Local/Remote
Impact: System Access, DoS
Risk: (4/5)
Release Date: 24.11.2008
Summary
Nero ShowTime provides you with a high-performance software DVD player that takes you to a new dimension in DVD's. Its cinema-like sound and excellent image quality for all digital pictures make an adventure of every film! What is more, Nero ShowTime supports all DVD-Video formats and can play them from a disc and from the hard drive.Description
Nero ShowTime is prone to a buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts will cause denial-of-service conditions.Vendor
Nero AG / Nero Inc. / Nero K.K. / Nero Ltd - http://www.nero.comAffected Version
5.0.15.0Tested On
Microsoft Windows XP Professional SP2 (English)Vendor Status
N/APoC
showtime_bof.plCredits
Vulnerability discovered by Gjoko Krstic - <gjoko@zeroscience.mk>References
[1] http://xforce.iss.net/xforce/xfdb/46811[2] http://secunia.com/advisories/32850/
[3] http://www.milw0rm.com/exploits/7207
[4] http://www.packetstormsecurity.org/filedesc/showtime_bof.pl.txt.html
[5] http://www.securityfocus.com/bid/32446
[6] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-7079
[7] http://osvdb.org/50199
[8] http://www.exploit-db.com/exploits/7207
Changelog
[24.11.2008] - Initial releaseContact
Zero Science LabWeb: http://www.zeroscience.mk
e-mail: lab@zeroscience.mk