Security-Assessment.com Release: Hacking Hollywood Slides, Advisories and Exploits

2011-12-05T00:00:00
ID SECURITYVULNS:DOC:27402
Type securityvulns
Reporter Securityvulns
Modified 2011-12-05T00:00:00

Description

( , ) (, . `.' ) ('. ', ). , ('. ( ) ( (,) .`), ) _ , / _/ / _ \ _ \_ \==/ /\ \ _/ \/ _ \ / \ / \/ | \\ \( <> ) Y Y \ /__ /\| / \ >/|__|| / \/ \/.-. \/ \/:wq (x.0) '=.|w|.=' ='`"``=.

    presents..

Hacking Hollywood: The Slides, The Bugs and The Exploits.

+------------+ |Introduction| +------------+

At Kiwicon V (https://www.kiwicon.org) and Ruxcon 2011 (http://www.ruxcon.org.au), Nick Freeman presented on Hacking Hollywood - a half hour feel-good romp through vulnerabilities in software used during the film making process. This release includes the slides, advisories and exploits used during the presentation. Enjoy!

+------+ |Slides| +------+

Slides for the Ruxcon talk are available at the following URL:

http://security-assessment.com/files/documents/presentations/Hacking-Hollywood_Nick-Freeman_Ruxcon2011.pdf

+-----------------------+ |Advisories and Exploits| +-----------------------+

Final Draft < 8.02 Multiple Stack Buffer Overflows PDF: http://security-assessment.com/files/documents/advisory/Final_Draft-Multiple_Stack_Buffer_Overflows.pdf TXT: http://security-assessment.com/files/documents/advisory/Final_Draft-Multiple_Stack_Buffer_Overflows.txt POC: http://security-assessment.com/files/finaldraft8poc.zip MSF: http://security-assessment.com/files/finaldraft8.rb NOTE: Tested on v8.01, latest WinXPSP3. No DEP bypass - dodgy PoC.

StoryBoard Quick 6 Stack Buffer Overflow (unpatched) PDF: http://www.security-assessment.com/files/documents/advisory/Storyboard_Quick6-Stack_Buffer_Overflow.pdf TXT: http://www.security-assessment.com/files/documents/advisory/Storyboard_Quick6-Stack_Buffer_Overflow.txt POC: http://security-assessment.com/files/storyboardquick6poc.zip MSF: http://security-assessment.com/files/storyboardquick6.rb NOTE: Tested on latest WinXPSP3. No DEP bypass - dodgy PoC.

Muster Render Farm Management System < 6.20 Arbitrary File Download PDF: http://security-assessment.com/files/documents/advisory/Muster-Arbitrary_File_Download.pdf TXT: http://security-assessment.com/files/documents/advisory/Muster-Arbitrary_File_Download.txt NOTE: Exploit in advisory.

AvidPhoneticIndexer (Avid Media Composer <= 5.5.3) Remote Stack Buffer Overflow (unpatched) PDF: http://www.security-assessment.com/files/documents/advisory/Avid_Media_Composer-Phonetic_Indexer-Remote_Stack_Buffer_Overflow.pdf TXT: http://www.security-assessment.com/files/documents/advisory/Avid_Media_Composer-Phonetic_Indexer-Remote_Stack_Buffer_Overflow.txt MSF: http://security-assessment.com/files/avid_phonetic_indexer.rb NOTE: WinXPSP3 Only, using Sayonara ROP chain (thanks WP!). Sometimes this service starts on a different port, decreasing from 4660 (usually starts on 4659)

+-------+ |Contact| +-------+

Email: nick.freeman@security-assessment.com Twitter: @0x7674 Web: http://security-assessment.com