This Metasploit module exploits a buffer overflow in l3codecx.ax while processing AVI files with MPEG Layer-3 audio contents. The overflow only allows overwriting with 0's, so the three least significant bytes of the EIP saved on the stack are overwritten, and shellcode is mapped using the .NET DLL memory technique pioneered by Alexander Sotirov and Mark Dowd. Please note that on IE 8 targets, your malicious URL must be a trusted site in order to load the .NET control.
bf8b665e00a66d83f342244fe6468d8bae22e7105c7353d9ceb3aa7194057854
Month Of Abysssec Undisclosed Bugs - Microsoft MPEG Layer-3 remote command execution exploit.
2ad6d87780a5a0de9f3551752f761ef21ebe499c774089af2069653f707b9280
Month Of Abysssec Undisclosed Bugs - Microsoft MPEG Layer-3 remote command execution exploit.
9502feffce7cde9e57581bfcc9e15b703919b230c442bc762578444f3fb65751