Message-ID: <CADe7mMdBEUUhbU8HMzAbFjPz7apVhOUd0LJiLyoz4wKE2Z1P2Q@mail.gmail.com>
Date: Wed, 10 Jul 2013 13:27:40 +0430
From: kaveh ghaemmaghami <kavehghaemmaghami@...glemail.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: VLC media player MKV Parsing POC
1. The crash you showed does not control EIP
   (it's not a stack-based BOF).
2. Not even arbitrary memory
   (check further instructions).
On Wed, Jul 10, 2013 at 3:03 AM, kaveh ghaemmaghami <
kavehghaemmaghami@...glemail.com> wrote:
> Hello list,
> regarding the nonsense VLC post
>
> http://www.jbkempf.com/blog/post/2013/More-lies-from-Secunia?pub=0#pr
>
> 1. We said that this was a crash, not an exploitable security issue
>
> and the funny comment on the publication:
>
> You forgot to mention the most important thing: if Secunia Research is
> professional, why don't they provide you with a working exploit? (for example
> EIP = 0x41414141) I'm sure a company like VUPEN would do just that to prove
> their point. Isn't it worth pointing out on other sites? (e.g. netsec)
> I really like this: https://twitter.com/Secunia/status/337140449712156672
> You can spot _two_ lies: first, they didn't find ANY vuln; second, they're
> lying about the timeframe.
>
>
> Here is your VUPEN 0x41414141
>
>
> ModLoad: 64fb0000 650d8000 C:\Program Files (x86)\VideoLAN\VLC\plugins\demux\libmkv_plugin.dll
>
> (be8.f0c): Access violation - code c0000005 (first chance)
> First chance exceptions are reported before any exception handling.
> This exception may be expected and handled.
> eax=02b92a18 ebx=00890000 ecx=41414141 edx=00100000 esi=02bccbd8 edi=00890178
> eip=77163fbb esp=04d1f324 ebp=04d1f348 iopl=0 nv up ei ng nz na po cy
> cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010283
> ntdll!RtlImageNtHeader+0xe37:
> 77163fbb 8b11 mov edx,dword ptr [ecx] ds:002b:41414141=????????
>
> 0:010> g
>
> (be8.f0c): Access violation - code c0000005 (!!! second chance !!!)
> eax=02b92a18 ebx=00890000 ecx=41414141 edx=00100000 esi=02bccbd8 edi=00890178
> eip=77163fbb esp=04d1f324 ebp=04d1f348 iopl=0 nv up ei ng nz na po cy
> cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010283
> ntdll!RtlImageNtHeader+0xe37:
> 77163fbb 8b11 mov edx,dword ptr [ecx] ds:002b:41414141=????????
>
> 0:010> r ecx
>
> ecx=41414141
>
> 0:010> d ecx
> 41414141 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
> 41414151 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
> 41414161 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
> 41414171 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
> 41414181 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
> 41414191 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
> 414141a1 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
> 414141b1 ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ?? ????????????????
>
> POC included
>
> Stay Secure
>
> Regards
> Kaveh
>
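The distinction the reply draws (a read through ecx=0x41414141 with EIP untouched, as opposed to an actual control-flow hijack) is the first question any crash triage has to answer before a report is rated. The script below is an added example, not code from this thread, from VLC or from Secunia: it parses a WinDbg transcript like the one quoted above, works out whether the faulting instruction reads or writes through the marker-filled register, and states whether EIP itself holds attacker bytes. SAMPLE_READ_AV is the quoted dump re-joined onto WinDbg's original lines; SAMPLE_WRITE_AV is a constructed contrast case that does not come from the thread, and the function names (parse_crash, classify, summarize) are the example's own.

```python
import re

# Constructed sample: the WinDbg transcript quoted in this thread, re-joined
# onto the lines WinDbg originally printed (the mail client had wrapped them).
SAMPLE_READ_AV = """\
(be8.f0c): Access violation - code c0000005 (first chance)
eax=02b92a18 ebx=00890000 ecx=41414141 edx=00100000 esi=02bccbd8 edi=00890178
eip=77163fbb esp=04d1f324 ebp=04d1f348 iopl=0 nv up ei ng nz na po cy
cs=0023 ss=002b ds=002b es=002b fs=0053 gs=002b efl=00010283
ntdll!RtlImageNtHeader+0xe37:
77163fbb 8b11 mov edx,dword ptr [ecx] ds:002b:41414141=????????
"""

# Constructed contrast case (hypothetical, not from the thread): the marker
# value is the *destination* of a store, which deserves a far higher triage
# priority than a bare read.
SAMPLE_WRITE_AV = """\
(1234.5678): Access violation - code c0000005 (first chance)
eax=42424242 ebx=00000000 ecx=00000010 edx=00000000 esi=00000000 edi=00000000
eip=00401000 esp=0012ff00 ebp=0012ff10 iopl=0 nv up ei pl nz na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000202
demo!store+0x10:
00401000 8908 mov dword ptr [eax],ecx ds:0023:42424242=????????
"""

REG_RE = re.compile(r"\b(eax|ebx|ecx|edx|esi|edi|ebp|esp|eip)=([0-9a-f]{8})\b")
INSN_RE = re.compile(
    r"^(?P<addr>[0-9a-f]{8})\s+(?P<bytes>[0-9a-f]+)\s+(?P<mnem>[a-z]+)\s*(?P<ops>.*)$",
    re.MULTILINE,
)
MEM_RE = re.compile(r"\[(?P<reg>eax|ebx|ecx|edx|esi|edi|ebp|esp)(?P<disp>[+-](?:0x)?[0-9a-f]+)?\]")
FAULT_RE = re.compile(r"\b[dsc]s:[0-9a-f]{4}:(?P<addr>[0-9a-f]{8})=")

# Mnemonics whose first operand is only read, so a memory first operand is
# still a load rather than a store.
READ_ONLY_FIRST = {"cmp", "test", "push", "call", "jmp"}


def is_marker(value):
    """True when all four bytes are equal (0x41414141 style): input bytes reached the register."""
    return value != 0 and value == (value & 0xFF) * 0x01010101


def parse_crash(text):
    """Pull the registers, faulting instruction and reported address out of a WinDbg transcript."""
    regs = {name: int(val, 16) for name, val in REG_RE.findall(text)}
    insn = INSN_RE.search(text)
    if insn is None:
        raise ValueError("no disassembly line in transcript")
    fault = FAULT_RE.search(text)
    code = re.search(r"code (c[0-9a-f]{7})", text)
    return {
        "regs": regs,
        "code": code.group(1) if code else None,
        "mnemonic": insn.group("mnem"),
        "operands": [o.strip() for o in insn.group("ops").split(",") if o.strip()],
        "reported_addr": int(fault.group("addr"), 16) if fault else None,
    }


def classify(crash):
    """Decide read vs. write, which register carried the bad pointer, and whether EIP is controlled."""
    regs, mnem, ops = crash["regs"], crash["mnemonic"], crash["operands"]
    v = {"exception": crash["code"],
         "eip_controlled": is_marker(regs.get("eip", 0)),
         "access": None, "pointer_reg": None, "fault_addr": None,
         "pointer_tainted": False, "indirect_branch": mnem in ("call", "jmp")}
    for idx, op in enumerate(ops):
        m = MEM_RE.search(op)
        if m is None:
            continue
        reg = m.group("reg")
        disp = int(m.group("disp"), 16) if m.group("disp") else 0
        v["pointer_reg"] = reg
        v["fault_addr"] = (regs[reg] + disp) & 0xFFFFFFFF
        v["pointer_tainted"] = is_marker(regs[reg])
        # On x86 the first operand is the destination, so a memory first
        # operand is a store unless the mnemonic only reads it.
        v["access"] = "write" if idx == 0 and mnem not in READ_ONLY_FIRST else "read"
        break
    # Cross-check the computed effective address against what the debugger reported.
    v["addr_matches_debugger"] = (crash["reported_addr"] is None
                                  or crash["reported_addr"] == v["fault_addr"])
    return v


def summarize(v):
    """One-line triage verdict in the order a reviewer would rank the outcomes."""
    if v["eip_controlled"]:
        return "EIP holds a marker value: direct control-flow hijack, rate as exploitable"
    if v["access"] is None:
        return "no explicit memory operand: inspect the instruction manually"
    taint = "attacker-influenced" if v["pointer_tainted"] else "unknown-origin"
    base = f"{v['access']} AV through {taint} pointer in {v['pointer_reg']} at 0x{v['fault_addr']:08x}"
    if v["indirect_branch"]:
        return base + "; loaded value becomes a branch target, rate as likely exploitable"
    if v["access"] == "write":
        return base + "; controlled write, rate as likely exploitable"
    return base + "; read only, no EIP control shown by this crash"


if __name__ == "__main__":
    for sample in (SAMPLE_READ_AV, SAMPLE_WRITE_AV):
        print(summarize(classify(parse_crash(sample))))
```

On the quoted dump this yields the same verdict as the reply: a read access violation through an attacker-influenced pointer with no EIP control, which is the same first-pass classification that tools such as Microsoft's !exploitable extension automate. It only characterises the one instruction that faulted; whether the surrounding code path changes the picture is exactly the "check further instructions" step the reply asks for, so the verdict is a priority for the fix queue, not a final exploitability rating.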
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/