Vulnerability Details : CVE-2013-7409
Public exploit exists!
Buffer overflow in ALLPlayer 5.6.2 through 5.8.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long string in a .m3u (playlist) file.
Vulnerability category: Overflow, Execute code, Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2013-7409
Probability of exploitation activity in the next 30 days: 22.20%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 96 %
Metasploit modules for CVE-2013-7409
- ALLPlayer M3U Buffer Overflow
  Disclosure Date: 2013-10-09
  First seen: 2020-04-26
  exploit/windows/fileformat/allplayer_m3u_bof
  This module exploits a stack-based buffer overflow vulnerability in ALLPlayer 5.8.1, caused by a long string in a playlist entry. By persuading the victim to open a specially-crafted .M3U file, a remote attacker could execute arbitrary code on the system or cause
CVSS scores for CVE-2013-7409
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST |
CWE ids for CVE-2013-7409
- The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.
  Assigned by: nvd@nist.gov (Primary)
References for CVE-2013-7409
- http://www.exploit-db.com/exploits/29549
  ALLPlayer 5.6.2 - '.m3u' File Local Buffer Overflow (SEH Unicode) - Windows local Exploit [Exploit]
- http://packetstormsecurity.com/files/123554/ALLPlayer-5.6.2-Buffer-Overflow.html
  ALLPlayer 5.6.2 Buffer Overflow ≈ Packet Storm [Exploit]
- http://packetstormsecurity.com/files/124161/ALLPlayer-5.7-Buffer-Overflow.html
  ALLPlayer 5.7 Buffer Overflow ≈ Packet Storm [Exploit]
- http://www.exploit-db.com/exploits/32074
  ALLPlayer - '.m3u' Local Buffer Overflow (Metasploit) - Windows local Exploit [Exploit]
- http://www.exploit-db.com/exploits/28855
  ALLPlayer 5.6.2 - '.m3u' Local Buffer Overflow (PoC) - Windows dos Exploit [Exploit]
- http://www.exploit-db.com/exploits/32041
  ALLPlayer 5.8.1 - '.m3u' Local Buffer Overflow (SEH) - Windows local Exploit [Exploit]
- http://www.securityfocus.com/bid/62926
  ALLPlayer '.m3u' File Remote Buffer Overflow Vulnerability
- http://www.exploit-db.com/exploits/29798
  ALLPlayer 5.7 - '.m3u' UNICODE Buffer Overflow (SEH) - Windows local Exploit [Exploit]
- http://packetstormsecurity.com/files/125519/ALLPlayer-5.8.1-Buffer-Overflow.html
  ALLPlayer 5.8.1 Buffer Overflow ≈ Packet Storm [Exploit]
- http://packetstormsecurity.com/files/123986/ALLPlayer-5.6.2-SEH-Buffer-Overflow.html
  ALLPlayer 5.6.2 SEH Buffer Overflow ≈ Packet Storm [Exploit]
Products affected by CVE-2013-7409
- cpe:2.3:a:allplayer:allplayer:*:*:*:*:*:*:*:*
- cpe:2.3:a:allplayer:allplayer:5.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:allplayer:allplayer:5.6.2:*:*:*:*:*:*:*