bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/dos/11632.txt
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

18 lines
No EOL
1,012 B
Text
Raw Blame History

When Orb is first installed it registers several Direct Show filters with the system. When registered these filters are then called whenever a file which has a dependency on such a required filter is accessed. By specially crafting specific headers embedded into an mp3 file we can create a direct code path to code which is vulnerable to a integer division by zero. This vulnerability can be triggered remotely be embedding the crafted mp3 file into HTML. It is also not dependent on a certain media player. Attached is a PoC (Proof-Of-Concept) I wrote for this specific bug. Also included is a Rebuild file for IDA Pro examining the crash.
Download POC:
https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/11632.zip (aac_parser_int_div_by_0_orb.zip)
Timeline:
Discovery * 2/20/2010
Reported * 2/22/2010
Response * 2/22/2010
Additional Info Sent * 2/23/2010
Response * 2/23/2010
Response * 2/26/2010
Crash Confirmed * 3/03/2010
Patch date: Approx. 2 weeks
Expected: 3/19/2010
Reference in a new issue View git blame Copy permalink