DVDXPlayer Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

A local buffer overflow vulnerability has been identified in DVDXPlayer Pro version 5.5. This vulnerability involves structured exception handling, allowing local attackers to execute arbitrary code by creating malicious playlist files. Attackers can craft a .plf file that includes shellcode and NOP sleds, which overflow a buffer and manipulate the SEH chain to execute code with the application's privileges.

Impact

Exploitation of this vulnerability leads to a local buffer overflow, allowing for arbitrary code execution with the privileges of the application.

Reproduction

The vulnerability can be reproduced by creating a .plf file that contains shellcode and NOP sleds. This crafted file should be designed to overflow a buffer in DVDXPlayer Pro 5.5, hijacking the structured exception handling chain to execute the included shellcode. The exploitation can be automated with a Python script that generates the payload and writes it to a file, which can then be opened with the vulnerable application.