exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

mplayer11.txt

mplayer11.txt
Posted Aug 9, 2007
Authored by Abed Adonis | Site safehack.com

Microsoft Media Player 11 on Win XP SP2 suffers from a denial of service condition when handling a specially crafted .au file.

tags | advisory, denial of service
SHA-256 | cb84c5868e2f431ba43416e87145b435a53dcba749717926aa7c66e1a14ad762

mplayer11.txt

Change Mirror Download
                        .---------------.
/ Advisory \
-----------------------------------------------------------------.
:
Affected : Microsoft Media Player 11 on Win XP SP2 :
Type : DIVISION by ZERO :
Result : DoS :
Remote : YES :
Date : 2007-08-07 :
Author: : Adonis, Abed :
url : http://www.safehack.com/exp/mp/mplayer11.txt :
-----------------------------------------------------------------.

------------.
Disclaimer \
--------------`--------------------------------------------------.
This material is presented for informational and educational :
purposes only. We do not accept any liability for anything anyone:
does with this information. So, don't shoot the messenger. :
:
Use a computer in a ways that ensure respect for your fellow. :
-----------------------------------------------------------------.

--------------.
Brief History \
----------------`------------------------------------------------.
A division by Zero lead to a denial of service on :
Microsoft Windows Media Player version 11 :
:
If you open a specially crafted .au file in windows Media player :
you will crash the player with the following error. :
:
Exception number: c0000094 (divide by zero) :
:
To see if you Windows Media Player is vulnerable you can use our :
.au generator coded in python, or you can download the POC file. :
:
:
Proof-of-Concept :
---------------- :
:
http://www.safehack.com/exp/mp/iapetus.py (python .au generator) :
http://www.safehack.com/exp/mp/iapetus.au (poc file) :
:
If you do not have python installed you can just use the poc file:
-----------------------------------------------------------------.

--------------.
DEBUG DUMP \
----------------`------------------------------------------------.

Application exception occurred:
App: C:\Program Files\Windows Media Player\wmplayer.exe (pid=4972)
When: 8/7/2007 - 19:50:13.051
Exception number: c0000094 (divide by zero)

*----> System Information <----*
Computer Name: --
User Name: --
Terminal Session Id: 0
Number of Processors: 1
Processor Type: x86 Family 15 Model 2 Stepping 4
Windows Version: 5.1
Current Build: 2600
Service Pack: 2
Current Type: Uniprocessor Free
Registered Organization: Organization
Registered Owner: Name



*----> State Dump for Thread Id 0x838 <----*

eax=ffffffff ebx=010a82b0 ecx=00000000 edx=00000000 esi=ffffffff edi=000fe3a2
eip=748fe598 esp=01c8f0c0 ebp=01c8f154 iopl=0 nv up ei pl zr na po nc
cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

function: quartz
748fe581 b708 mov bh,0x8
748fe583 c1ea02 shr edx,0x2
748fe586 3bd1 cmp edx,ecx
748fe588 7702 ja quartz+0xee58c (748fe58c)
748fe58a 8bd1 mov edx,ecx
748fe58c 0fb708 movzx ecx,word ptr [eax]
748fe58f 56 push esi
748fe590 8d740aff lea esi,[edx+ecx-0x1]
748fe594 8bc6 mov eax,esi
748fe596 33d2 xor edx,edx
FAULT ->748fe598 f7f1 div ecx <- FAULT
748fe59a 8bc6 mov eax,esi
748fe59c 5e pop esi
748fe59d 2bc2 sub eax,edx
748fe59f c3 ret
748fe5a0 90 nop
748fe5a1 90 nop
748fe5a2 90 nop
748fe5a3 90 nop
748fe5a4 90 nop
748fe5a5 8bff mov edi,edi


-------------.
The Solution \
---------------`-------------------------------------------------.
:
Wait for a patch from Microsoft :
-----------------------------------------------------------------.
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close