首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全工具>攻击程序>软件详细
软件名称:  ScaryMovie Exploit Study
文件类型:  .zip
界面语言:  英文软件
软件类型:  国外软件
运行环境:  Win2003,WinXP,Win2000,Win9X
授权方式:  共享软件
软件大小:  233KB
软件等级:  ★★★☆☆
发布时间:  2010-01-18
官方网址: http:// 作者:Dr_IDE
演示网址:
软件说明:  

ScaryMovie Exploit Study
By: Dr_IDE
October, 2009

There is a widespread failure in the way that (.MOV) files are handled by the Quicktime Library. I have attempted to compound my findings on this issue.

Nearly every (.MOV) enabled application that I tested fell victim to this exploit. This is a local memory corruption vulnerability in the way these programs process a malformed file. I have provided crash logs, register dumps where applicable, sample script and trigger file.

Memory Corruption is repeatable and code execution seems possible. Because this issue affects web browsers it seems that the attack vector will be both Local and Remote.

It should be noted these applications are all registered by default as registered applications for this file type. There is no trickery involved in order to enable these programs to open the malicious file.

List of affected programs that I have verified:
-Tested on Snow Leopard 10.6.1 (All updates as of 10/07/09)
Apple Products (OSX):
 Finder.app                (Built-in OSX)
  Garageband 09           (Latest)
 Grapher.app               (Built-in OSX) 
 iMovie 8.0    (Latest)
  iPhoto 8.0                  (Latest)
 iTunes 9.0.1    (Latest)
 iWeb     (Latest)
 Keynote 5.0.3 (791)   (Latest)
 Numbers 2.0.3 (332)          (Latest)
 Pages 4.0.3 (766)   (Latest)
 Safari 4.0.3    (Latest)
  Quicktime Player 10         (Latest)

Third Party Applications (OSX):
  Cellulo 2.0.2               (Latest)
 Excel 2008    (Latest)
 HexEdit 2.2    (Latest)
 Mozilla Firefox 3.5.3(OSX)  (Latest)
 Powerpoint 2008           (Latest)
 VLC 1.0.2 (OSX)           (Latest)
  WidescreenPlayer            (Latest)
 Word 2008    (Latest)
Windows XP Service Pack 3:
 iTunes 9.0.1.8               (Latest)
 Quicktime 7.3.4              (Latest)
 MediaPlayerClassic 6.4.9.1         (Latest)

Not Vulnerable:
 VLC 1.0.2 on Windows seems to not be vulnerable to this.
 Firefox 3.5.3 on Windows crashed once but not reliably.

PoC Packagetx:
http://www.exploit-db.com/sploits/Dr_IDE_ScaryMovie_Study.zip

下载地址: 进入下载地址列表
下载说明: ☉推荐使用网际快车下载本站软件,使用 WinRAR v3.10 以上版本解压本站软件。
☉如果这个软件总是不能下载的请点击报告错误,谢谢合作!!
☉下载本站资源,如果服务器暂不能下载请过一段时间重试!
☉如果遇到什么问题,请到本站论坛去咨寻,我们将在那里提供更多 、更好的资源!
☉本站提供的一些商业软件是供学习研究之用,如用于商业用途,请购买正版。
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热门软件
·qwks.cpp(MS03-049)
·ms05039.rar
·fsie.rar
·Serv-U FTP溢出漏洞利用工具
·NBSI2破解版
·MS08-067.rar
·Churrasco.zip
·提权大杀器(2010黑帽大会公布的
·tfn2k.tgz
·SMBdie
·ms04-011.rar
·WinArpAttacker3.50.rar
  相关软件
·TrendMicro_web_deployment_acti
·slk.rar
·KiTrap0D.zip
·uusee.zip
·sopcast_exp.zip
·EverFocus_Edsr_Exploit.tar.gz
·提权大杀器(2010黑帽大会公布的
·ie 0day exp-Windows写字板HTML
·Samba < 3.0.20 heap overflow
·Epfw_Exp.zip
·JCZ3.rar
·smbrelay3.zip
 
  推荐广告
CopyRight © 2002-2017 VFocuS.Net All Rights Reserved