XMPlay contains a buffer prone to exploitation via an overly long string. The vulnerability is caused due to a boundary error in XMPlay when handling .ASX, .M3U and .PLS files. This exploit uses a crafted .M3U to cause a stack-based buffer overflow. This module runs a malicious web server on the Core Impact Console and waits for an unsuspecting user to trigger the exploit by connecting to it.
CVE Link
Exploit Platform
Exploit Type
Product Name