Actively Exploited in the Wild
This vulnerability is being actively exploited in the wild.
MJM Core Player Stack-Based Buffer Overflow Vulnerability in .s3m File Parsing
Vulnerability
A stack-based buffer overflow vulnerability has been identified in MJM Core Player 2011, specifically in file version 2.4. The issue arises from inadequate bounds checking when the player parses .s3m music files. This flaw allows attackers to overwrite memory on the stack, potentially leading to arbitrary code execution. The vulnerability is triggered when a malicious .s3m file is opened, and the exploit bypasses Data Execution Prevention (DEP) and Address Space Layout Randomization (ASLR) protections using a Return-Oriented Programming (ROP) chain.
Impact
Exploitation of this vulnerability allows for arbitrary code execution on the affected system.
Reproduction
The vulnerability can be reproduced by creating a .s3m file that exploits the buffer overflow when opened in MJM Core Player 2011. This can be done using a Metasploit module designed for this purpose, which automates the process of crafting the malicious .s3m file and bypassing DEP and ASLR protections.
