| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Date: Mon, 24 Jan 2005 14:22:25 -0200 From: Carlos Ulver <carlos.ulver@...il.com> To: bugtraq@...urityfocus.com, full-disclosure@...ts.netsys.com Subject: RealPlayer 10.5 Denial of Service and possible Overflow Well i was trying to find something in .ra format. I found something interesting(I think) I had an old .Ra and tryed to change some information of the file(via an hexadecimal editor): All my .ra files begin always with the following code: .ra......ra4.........r.........>................+........ If i change ONE byte at the beginning RealAudio crashes like the following example: .ra......Aa4.........r.........>................+........ In this case I just overwrited the second 'r' for 'A' and RealPlayer crashed. I could not see if i overwrite with more A´s be possible to write into stack cause I´m with no good debugger here and I don´t understant windows debug report. It was tested only with RealPlayer 10.5. *** If possible some one try to write into stack will be great. *** I´m making files avaliable at www.debarry2.com.br/carlos/rapoc.zip as an proof of concept for this. You could also get the rapoc.zip at www.debarry2.com.br/carlos by a link I put at first page(top); If its possible to write into stack all of u comrades know that we can execute arbitrary code into affected systems. Sorry for my bad Brazilian-english. Carlos A. Ulver. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Powered by blists - more mailing lists