bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/dos/14767.txt
Offensive Security d63de06c7a DB: 2022-11-10 
2776 changes to exploits/shellcodes/ghdb
2022-11-10 16:39:50 +00:00

38 lines
No EOL
2.1 KiB
Text
Raw Permalink Blame History

Flash Movie Player v1.5 File Magic Crash
http://www.eolsoft.com/
http://www.eolsoft.com/freeware/flash_movie_player/
Author: Matthew Bergin
Website: http://berginpentesting.com
Date: August 25, 2010
Description: Flash Movie Player is a free stand-alone player for ShockWave Flash (SWF) animations, based on the Macromedia Flash Player plugin. In addition to all Macromedia Flash Player abilities, it has some extended features, such as animation rewinding, advanced full screen mode, playlists, browser cache integration and exe projectors support.
The software is provided "AS IS" without any warranty, either expressed or implied, including, but not limited to, the implied warranties of merchantability and fitness for a particular purpose. The author will not be liable for any special, incidental, consequential or indirect damages due to loss of data or any other reason. You are welcome to use this software without paying any kind of fee.
Flash Information
Plugin: Adobe Flash Player 10.1 r52
Version: 10.1.52.14
File: C:\WINDOWS\system32\Macromed\Flash\Flash10g.ocx
Operating System: Windows XP SP3
Bug Information:
Exception at UNKNOWN_VALUE: 0x0EEDFADE
0x0EEDFADE - Delphi exception was caught by one of the RTL's default C++ exception handlers.
#1 7C812AFB : RaiseException (RaiseException) 00491EFE (0012E8B0/00000000) C:\WINDOWS\system32\advapi32.dll
#2 00491EFE : 00491F34 (0012E908/00000000)
#3 00491F34 : 0049552E (0012E914/00000000)
#4 0049552E : 004953BE (0012E954/00000000)
#5 004953BE : 004B99BA (0012E96C/00000000)
#6 004B99BA : 00495925 (0012E9A4/00000000)
#7 00495925 : 004947AE (0012E9DC/00000000)
#8 004947AE : 1018D704 (0012E9F0/00000000)
#9 1018D704 : 10193E91 (0012EA38/00000000) .text
#10 10193E91 : FFFFFFFF (0012EADC/00000000) .text
#11 FFFFFFFF : 00000000 (FFFF4000/00000000) C:\WINDOWS\system32\kernel32.dll
Reproducing this bug:
Reproduction is very simple. The first 3 bytes of any SWF file is FWS, to reproduce the issue we need to replace the first byte 'F' with an '`' to make the magic look like '`WS' and load this file into Flash Movie Player.
POC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/14767.tar.gz
Reference in a new issue View git blame Copy permalink