CoolPlayer m3u playlist processing filename buffer overflow

Added: 08/13/2008
CVE: CVE-2008-3408
BID: 30418
OSVDB: 47194

Background

CoolPlayer is a free audio player for Windows platforms.

Problem

A buffer overflow vulnerability in CoolPlayer allows command execution when a user opens an m3u playlist file containing a specially crafted filename.

Resolution

Upgrade to CoolPlayer build 220 (which will presumably contain a fix) or higher when available.

References

http://secunia.com/advisories/31294/

Limitations

Exploit works on CoolPlayer build 219 and requires the user to open the exploit file in CoolPlayer.

Platforms

Windows 2000
Windows XP

Back to exploit index