首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
RealPlayer 15.0.6.14(.3g2) WriteAV Vulnerability
来源:coolkaveh [at] rocketmail.com 作者:coolkaveh 发布时间:2012-10-31   
Title    :  RealPlayer 15.0.6.14(.3g2) WriteAV Vulnerability
Version  :  15.0.6.14
Date     :  2012-10-29
Vendor   :  http://www.real.com/
Impact   :  High
Contact  :  coolkaveh [at] rocketmail.com
Twitter  :  @coolkaveh
tested   :  windows 7 x64
Author   :  coolkaveh
###############################################################################
Bug :
----
context-dependent
Successful exploits can allow attackers to execute arbitrary code
---- 
################################################################################
(f84.8c8): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=040d1370 
ebx=7fdfe2d0 
ecx=0a67f798 
edx=0a67f7a8 
esi=00000000 
edi=00000004
eip=66fc94df 
esp=3c6c1a80 
ebp=0a67f764 iopl=0         nv up ei pl nz na po nc
cs=0023  ss=002b  ds=002b  es=002b  fs=0053  gs=002b             efl=00010202
*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Program Files (x86)\Real\RealPlayer\codecs\dmp4.dll - 
dmp4!GetGUID+0x1836f:
66fc94df 8944241c        mov     dword ptr [esp+1Ch],eax ss:002b:3c6c1a9c=????????
0:029> !exploitable -v
HostMachine\HostUser
Executing Processor Architecture is x86
Debuggee is in User Mode
Debuggee is a live user mode debugging session on the local machine
Event Type: Exception
Exception Faulting Address: 0x3c6c1a9c
First Chance Exception Type: STATUS_ACCESS_VIOLATION (0xC0000005)
Exception Sub-Type: Write Access Violation

Exception Hash (Major/Minor): 0x247c7f22.0x247c7f63

Stack Trace:
dmp4!GetGUID+0x1836f
Instruction Address: 0x0000000066fc94df

Description: User Mode Write AV
Short Description: WriteAV
Exploitability Classification: EXPLOITABLE
Recommended Bug Title: Exploitable - User Mode Write AV starting at dmp4!GetGUID+0x000000000001836f (Hash=0x247c7f22.0x247c7f63)

User mode write access violations that are not near NULL are exploitable.
################################################################################
Proof of concept included. 
http://www21.zippyshare.com/v/83302158/file.html

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Aladdin Knowledge System Ltd C
·Joomla Component com_jce remot
·Internet Explorer 9 Memory Cor
·HP Operations Agent Opcode cod
·Konqueror 4.7.3 Memory Corrupt
·HP Operations Agent Opcode cod
·HP Intelligent Management Cent
·Microsoft Paint 5.1 Memory Cor
·ManageEngine Security Manager
·Adobe Reader 11.0.0 Stack Over
·Microsoft Windows Help program
·OpenSSH 6.0p1 Backdoor Patch 1
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved