This Metasploit module exploits a stack-based buffer overflow in DVD X Player 5.5 Pro and Standard. By supplying a long string of data in a .plf file (playlist), the MediaPlayerCtrl.dll component attempts to extract a filename out of the string and then copies it onto the stack without proper bounds checking, which causes a buffer overflow and results in arbitrary code execution in the context of the user. This Metasploit module has been designed to target common Windows systems such as Windows XP SP2/SP3, Windows Vista, and Windows 7.
348b94a602e053d653e9e822631e9a0911f02f12bdc2763f325cc1727f13dace
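The entry above describes the bug class only in one sentence: a filename pulled out of a playlist entry is copied into a fixed-size stack buffer with no length check. The C below is an added illustration written for this listing, not code from MediaPlayerCtrl.dll or from the Metasploit module; the 260-byte buffer size, the treatment of "filename" as the text after the last path separator, and the sample playlist are assumptions. It shows the vulnerable copy pattern beside a bounded version, plus a small triage routine that counts .plf entries whose filename component would not fit, which is the check a defender would run over a suspicious playlist before opening it.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Assumed size of the destination stack buffer (MAX_PATH-like); illustrative only. */
#define NAME_BUF 260

/* Return a pointer to the filename component of a playlist entry:
 * the text after the last '\\' or '/' (assumed definition of "filename"). */
static const char *plf_basename(const char *entry)
{
    const char *p = entry, *last = entry;
    for (; *p; p++)
        if (*p == '\\' || *p == '/')
            last = p + 1;
    return last;
}

/* Vulnerable pattern (illustrative, not the DLL's code): fixed stack buffer,
 * unbounded strcpy. A filename of NAME_BUF bytes or more overflows `name`.
 * Never call this on untrusted input; it exists only to show the shape of the bug. */
int extract_filename_unsafe(const char *entry)
{
    char name[NAME_BUF];
    strcpy(name, plf_basename(entry));
    return (int)strlen(name);
}

/* Hardened form: the caller passes the destination size, oversized entries
 * are rejected instead of truncated silently. Returns the length copied or -1. */
int extract_filename_safe(const char *entry, char *out, size_t outlen)
{
    const char *base = plf_basename(entry);
    size_t n = strlen(base);
    if (outlen == 0 || n >= outlen)
        return -1;                 /* would not fit with its terminator */
    memcpy(out, base, n + 1);
    return (int)n;
}

/* Triage: count playlist lines whose filename component is `limit` bytes or
 * longer. Lines are separated by LF or CRLF. */
int plf_count_oversized(const char *plf, size_t limit)
{
    int count = 0;
    const char *line = plf;
    while (*line) {
        const char *end = line;
        while (*end && *end != '\n' && *end != '\r')
            end++;
        size_t blen = (size_t)(end - line);
        for (const char *p = line; p < end; p++)
            if (*p == '\\' || *p == '/')
                blen = (size_t)(end - p - 1);
        if (blen >= limit)
            count++;
        while (*end == '\n' || *end == '\r')
            end++;
        line = end;
    }
    return count;
}

/* Constructed sample: one benign entry and one with a 304-byte filename. */
int demo_oversized_count(void)
{
    char big[400];
    char plf[1024];
    memset(big, 'A', 300);
    big[300] = '\0';
    snprintf(plf, sizeof plf, "C:\\Movies\\ok.mpg\r\nC:\\Movies\\%s.mpg\r\n", big);
    return plf_count_oversized(plf, NAME_BUF);
}

int main(void)
{
    char out[NAME_BUF];
    int n = extract_filename_safe("C:\\Movies\\ok.mpg", out, sizeof out);
    printf("safe copy: %d bytes (%s)\n", n, out);
    printf("oversized entries in sample playlist: %d\n", demo_oversized_count());
    return 0;
}
```

The unsafe function is deliberately left with no caller on long input; the point is the contrast between a copy that trusts the input length and one that takes the destination size as a parameter and fails closed.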
XBMC version 9.04.1r20672 UPnP POST SOAP action name sscanf buffer overflow exploit with Windows bindshell code.
216d6860483a52a2efb4bf88bcd4db93daea540f99880b822a68ceaf94f00786
This Metasploit module exploits a stack-based buffer overflow in VariCAD 2010-2.05 EN. An attacker must send the file to a victim, and the victim must open the file.
606044200780a7d9d63b6fcf47963bd052e8a437c8822a35a6d9f1cb62286b98
VariCAD version 2010-2.05 EN local buffer overflow exploit. Comes with options to spawn calc.exe, bindshell, and add user shellcode.
4460d38656f73c9f360f723a858c168d3d22641a33ab3652bde30d4944fb41cc
Live For Speed 2 version Z local buffer overflow exploit that creates a malicious .mpr file.
37708474f244fd39bb1cb81a3f36feb08e09f73476694efb54a7aeddbabcf5fc
WinAMP version 5.551 MAKI parsing integer overflow exploit.
0921e8a6acab7f542cf570f379636a5f4f7a9048b4e45b2d9db0560e1d6fdb10
WinAMP version 5.551 MAKI parsing integer overflow proof of concept exploit.
79a438459b02a79c54299b4afbcae5ffc93dd837c9066d555f9ce0a55365c530
XBMC version 8.10 GET request remote buffer overflow SEH universal exploit.
ac00126090c9316ffe06c289042976f644e8fec2efec2fa5e5959e2a2933d787
XBMC version 8.10 proof of concept exploit code for multiple buffer overflows related to GET requests.
630e1ff4c87341bbc0d442422a65b0fbbda8376d48c984df1335117845f76dab
XBMC version 8.10 get tag from file name remote buffer overflow exploit.
c7b8919d2d1d3063802ac34741da2d095d10aa6076e4a9487051c26951ba38f6
XBMC version 8.10 takescreenshot remote buffer overflow exploit for Windows.
eba0bb541e3a78ea046d3e1678e22f7cb2080253e1cfabb4b322ef3d94d508c4
XBMC version 8.10 GET request remote buffer overflow exploit for Windows.
aa63b4ad5a6f2a442b6f2731b35ac6e2b862f6e0835b9f145e6cb5784cc92506
Racer version 0.5.3 beta 5 remote buffer overflow exploit that binds a shell to TCP/4444.
ce7e884e30b9977643a85468c6bebe8db229d682df9f029548fda9a983cec050
Live For Speed S1/S2/Demo .ply file local buffer overflow exploit.
aceef5e28dc73d1ddaf4e8f9ef4f49610b84cf1d8c1f57b8536367d5416dabab
Live For Speed S1/S2/Demo .spr file local buffer overflow exploit.
dbbf5ddb9f132c4e2b985cc0f8ee5cd8e7cc05abc2ca5717c6dcba29b4f35443
Live For Speed S1/S2/Demo .mpr replay file local buffer overflow exploit.
c2535bb7352e6b553467416302e7ad2906303f4192bb8a509fc48362187d59c7
MoviePlay version 4.76 .lst file local buffer overflow exploit.
073fe06de4f05a3b5ac16d628283d6ef013f7acbf5fbeefe542cef041ff98f56
Ace-FTP client version 1.24a remote buffer overflow denial of service exploit.
bb42d5abfb7c2bb15d845c1b696430c1a6e3e84f484d4786f422a644a3c3780d
DVD X Player version 4.1 Professional .PLF file buffer overflow exploit.
78eb0dd0da83d8445be445af9b4b383c5c9621fc8177717c9ea0863ad505a8ae
UltraISO versions 8.6.2.2011 and below local buffer overflow exploit that executes calc.exe.
dc16785987ec506b56d6d4651e4f804b27471b55f3a16e4ed785228162b8ac45
MagicISO versions 5.4 and below .cue file heap overflow proof of concept exploit.
62dfa4a53a2e5cccebcfcec8555b0ad724b13db2a1dc3f4d03190ebffa3dc7dc
RealPlayer 10 remote denial of service exploit that makes use of the .ra file flaw.
b015c7246d0f8bd3218fee4e99022278955d21ba08a1ad2e37b0d2f853274020
J. River Media Center version 11.0.309 remote denial of service exploit.
f36f3f1a101a6baaa4a876d6c78f6924088b05e1f1a729a803a9a1fef8c19523
Simple denial of service exploit for ImgSvr that crashes the server with a large number of POST requests.
aacd75835a45c6e99f68a23a593712a7f7b84daf54d56a402f0c9301a33e017f
Proof of concept code that crashes the Flock web browser using the marquee tag bug. Tested on Flock beta 1 (v0.7) and Windows XP Service Pack 1.
ec0068f9fd53ef86b96bf84cca7bc571344b8efd2839c9cbca385eaa74b81aae