Tuesday, 14 February 2012

VUPlayer version 2.49 vulnerability

1. INFORMATION GATHERING
VUPlayer is a freeware audio player for Microsoft Windows platforms.
This application can play many kinds of media files, such as MP3, as well as playlists (.pls or .m3u).

The VUPlayer website: http://www.vuplayer.com/vuplayer.php



2. VULNERABILITY IDENTIFICATION
I tried to find flaws in the VUPlayer application in CVE,
and these are the results:


 
From the data above: one flaw allows an attacker to execute arbitrary code via a long URL in the File line of a .PLS file,
and a stack-based buffer overflow allows remote attackers to execute arbitrary code via the HREF attribute of a REF element in an .ASX file.
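
The flaw class described above, a long URL on the File line of a .PLS file overrunning a stack buffer, comes down to copying the value without a length check. As an added example (not from the original post and not VUPlayer's own code; the buffer size `URL_MAX` and the function name `pls_file_entry` are assumptions), this is a bounded parser for that line in C, with the unsafe pattern shown in a comment for contrast:

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define URL_MAX 260 /* assumed buffer size, for illustration only */

enum pls_status { PLS_OK = 0, PLS_NOT_FILE = -1, PLS_TOO_LONG = -2 };

/* Unsafe pattern (assumed, shown only for contrast):
 *     char url[URL_MAX];
 *     strcpy(url, strchr(line, '=') + 1);    -- no length check
 * A File value longer than URL_MAX runs past url[] into the saved
 * registers and return address that sit above it on the stack. */

/* Hardened form: accept "FileN=<value>" and copy the value only if it fits. */
enum pls_status pls_file_entry(const char *line, char *out, size_t outsz)
{
    if (strncmp(line, "File", 4) != 0)
        return PLS_NOT_FILE;
    const char *p = line + 4;
    if (!isdigit((unsigned char)*p))      /* need at least one index digit */
        return PLS_NOT_FILE;
    while (isdigit((unsigned char)*p))
        p++;
    if (*p != '=')
        return PLS_NOT_FILE;
    p++;
    size_t len = strcspn(p, "\r\n");      /* value ends at end of line */
    if (len >= outsz)                     /* keep one byte for the NUL */
        return PLS_TOO_LONG;
    memcpy(out, p, len);
    out[len] = '\0';
    return PLS_OK;
}

int main(void)
{
    char url[URL_MAX], longline[2048] = "File1=";
    /* Constructed sample: a File value far longer than URL_MAX. */
    memset(longline + 6, 'A', sizeof longline - 7);
    printf("normal entry: %d\n",
           pls_file_entry("File1=http://example.com/a.mp3\r\n", url, sizeof url));
    printf("long entry:   %d\n", pls_file_entry(longline, url, sizeof url));
    return 0;
}
```

The overlong entry is rejected with `PLS_TOO_LONG` instead of being truncated, so the caller can skip or report the playlist rather than load a partial URL.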

"According to the data obtained, the VUPlayer application is vulnerable to a heap-based buffer overflow. This can be exploited by remote attackers to execute arbitrary machine code in the context of the user running the affected application."
  • The first experiment I would do is to add a URL
with a long string of characters; the results can be seen in the picture below.
 

Click File and select Add URL.

Insert a large number of characters.

Look at OllyDbg: the ESP register was overwritten with the input we entered,
and this is a very good start.

  • At this stage I try to create a .pls file which contains \x41 * 56 969.

Make a shortcut using the commands in the picture.

Insert the shortcut in MPlayer.
Then create a file with pattern_offset. This is useful for determining where ESP and EIP are located, and it will be needed at a later stage.









Insert the ESP and EIP addresses into the fuzzer,
then repeat the run in OllyDbg.
As can be seen, the system reads the input into the buffer (stack).
The stack contains the \xCC characters.


In the next stage, open the console and type ./msfweb





Click Generate Payload and insert the result in the fuzzer.
Save, then repeat the previous stage as before.


Then run telnet on the console.
