Denial of Service

[Inc0]

Hello, I need some explanation, check this exploit : http://1337day.com/exploits/14229, its a denial of service, but how can I dos someone with this ?

Thank You

[cd1zz]

Its not a remote exploit so you would have to convince someone to open your .m3u or .pls file.

[Data_Raid]

Hello, I need some explanation, check this exploit : http://1337day.com/exploits/14229, its a denial of service, but how can I dos someone with this ?

Thank You

The exploit mentions that BS Player 2.56  needs to be installed (might also work on the latest version: 2.57), the "victim" needs to open the crafted playlist file (m3u or pls). So you will need to send someone your malicious playlist file (hosting the playlist on a website might also work), all the exploit does is write 25000 A's and crash the app.

[cd1zz]

A better exercise would be to complete the exploit. It's unicode but c0relan has some great references for this

[Inc0]

Thank you all, I have one more question, whats the difference, between this : http://www.exploit-db.com/exploits/11839/ (Local Crash) and that (Denial of serice) exploit ?

[cd1zz]

A denial of service and a crash are the same thing. The terms are often used interchangeably. A PoC (noted in your exploit-db example) is a "proof of concept." In both of the examples you've asked about, a researcher found the bug but did not finish the exploit to show how to get code execution. Not all bugs are exploitable which is why they might of stopped here. There is only one way to find out!