OSVDB ID: 54812

Title: AIMP MP3 ID3 Tag Handling Overflow

Dates

Disclosure: May 29, 2009
Discovery: Unknown
Exploit: May 29, 2009
Solution: Unknown

Description

AIMP version 2.51 build 330 suffers from a stack-based buffer overflow vulnerability that can be exploited via a malicious media file that supports ID3 tags (mp3). The EIP and ECX registers get overwritten, along with the SE handler and the pointer to the next SEH record. The issue is triggered by playing the file (crashes within 5 seconds), by viewing the file's metadata, or by pressing the F4 key and selecting the ID3v1 or ID3v2 tab.

Classification

Location: Local / Remote, Context Dependent
Attack Type: Input Manipulation
Impact: Loss of Integrity
Exploit: Exploit Public

Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Products

AIMP DevTeam

AIMP

2.51 build 330

References

Credit

  • Gjoko Krstic - liquidwormgmail.com - Zero Science Lab


Direct URL: http://osvdb.org/54812