
mplayer11.txt
Posted Aug 9, 2007
Authored by Abed Adonis | Site safehack.com

Microsoft Media Player 11 on Win XP SP2 suffers from a denial of service condition when handling a specially crafted .au file.

tags | advisory, denial of service
SHA-256 | cb84c5868e2f431ba43416e87145b435a53dcba749717926aa7c66e1a14ad762

                        .---------------.
/ Advisory \
-----------------------------------------------------------------.
:
Affected : Microsoft Media Player 11 on Win XP SP2 :
Type : DIVISION by ZERO :
Result : DoS :
Remote : YES :
Date : 2007-08-07 :
Author: : Adonis, Abed :
url : http://www.safehack.com/exp/mp/mplayer11.txt :
-----------------------------------------------------------------.

------------.
Disclaimer \
--------------`--------------------------------------------------.
This material is presented for informational and educational :
purposes only. We do not accept any liability for anything anyone:
does with this information. So, don't shoot the messenger. :
:
Use a computer in ways that ensure respect for your fellow. :
-----------------------------------------------------------------.

--------------.
Brief History \
----------------`------------------------------------------------.
A division by zero leads to a denial of service in :
Microsoft Windows Media Player version 11 :
:
If you open a specially crafted .au file in Windows Media Player :
you will crash the player with the following error. :
:
Exception number: c0000094 (divide by zero) :
:
To see if your Windows Media Player is vulnerable you can use our :
.au generator coded in Python, or you can download the POC file. :
:
:
Proof-of-Concept :
---------------- :
:
http://www.safehack.com/exp/mp/iapetus.py (python .au generator) :
http://www.safehack.com/exp/mp/iapetus.au (poc file) :
:
If you do not have Python installed you can just use the POC file:
-----------------------------------------------------------------.

--------------.
DEBUG DUMP \
----------------`------------------------------------------------.

Application exception occurred:
App: C:\Program Files\Windows Media Player\wmplayer.exe (pid=4972)
When: 8/7/2007 - 19:50:13.051
Exception number: c0000094 (divide by zero)

*----> System Information <----*
Computer Name: --
User Name: --
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 4
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Uniprocessor Free
Registered Organization: Organization
Registered Owner: Name



*----> State Dump for Thread Id 0x838 <----*

eax=ffffffff ebx=010a82b0 ecx=00000000 edx=00000000 esi=ffffffff edi=000fe3a2
eip=748fe598 esp=01c8f0c0 ebp=01c8f154 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: quartz
748fe581 b708 mov bh,0x8
748fe583 c1ea02 shr edx,0x2
748fe586 3bd1 cmp edx,ecx
748fe588 7702 ja quartz+0xee58c (748fe58c)
748fe58a 8bd1 mov edx,ecx
748fe58c 0fb708 movzx ecx,word ptr [eax]
748fe58f 56 push esi
748fe590 8d740aff lea esi,[edx+ecx-0x1]
748fe594 8bc6 mov eax,esi
748fe596 33d2 xor edx,edx
FAULT ->748fe598 f7f1 div ecx <- FAULT
748fe59a 8bc6 mov eax,esi
748fe59c 5e pop esi
748fe59d 2bc2 sub eax,edx
748fe59f c3 ret
748fe5a0 90 nop
748fe5a1 90 nop
748fe5a2 90 nop
748fe5a3 90 nop
748fe5a4 90 nop
748fe5a5 8bff mov edi,edi
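
What the faulting instructions compute, written out in C as an added example (not code from the advisory or from Microsoft): the sequence lea esi,[edx+ecx-0x1] / div ecx / sub eax,edx rounds a size up to a multiple of the 16-bit value loaded by movzx, with no zero check, shown here beside a checked form. The function and parameter names are assumptions; the dump does not say which file field supplies the divisor.

```c
#include <stdint.h>
#include <stdio.h>

/* Value the routine builds in esi before the div:
 * lea esi,[edx+ecx-0x1], with 32-bit wraparound. */
uint32_t rounding_numerator(uint32_t size, uint16_t align)
{
    return size + (uint32_t)align - 1u;
}

/* The arithmetic as it appears in the dump: esi - (esi % ecx).
 * Nothing checks align, so align == 0 faults at the div
 * (exception c0000094 on Windows). Never call it with align == 0. */
uint32_t round_up_unchecked(uint32_t size, uint16_t align)
{
    uint32_t n = rounding_numerator(size, align);
    return n - (n % align);
}

/* Checked form: reject a zero divisor and a wrapping numerator
 * before dividing. Returns 0 on success, -1 on bad input. */
int round_up_checked(uint32_t size, uint16_t align, uint32_t *out)
{
    if (align == 0)
        return -1;                       /* would divide by zero */
    if (size > UINT32_MAX - ((uint32_t)align - 1u))
        return -1;                       /* size + align - 1 would wrap */
    uint32_t n = rounding_numerator(size, align);
    *out = n - (n % align);
    return 0;
}

int main(void)
{
    uint32_t r = 0;
    /* Constructed inputs, not values taken from a media file. */
    /* size 0 and align 0 wrap to ffffffff, the esi value in the dump. */
    printf("numerator(0,0) = %08x\n", (unsigned)rounding_numerator(0, 0));
    printf("checked(10,4)  = %d -> %u\n",
           round_up_checked(10, 4, &r), (unsigned)r);
    printf("checked(10,0)  = %d\n", round_up_checked(10, 0, &r));
    return 0;
}
```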


-------------.
The Solution \
---------------`-------------------------------------------------.
:
Wait for a patch from Microsoft :
-----------------------------------------------------------------.