Exploits / Vulnerability Discovered : 2019-04-08 |
Type : local |
Platform : windows
This exploit / vulnerability Allplayer 7.4 seh buffer overflow (unicode) is for educational purposes only and if it is used you will do on your own risk!
[+] Code ...
#!/usr/bin/python -w
#
# Exploit Author: Chris Au
# Exploit Title: AllPlayer V7.4 - Local Buffer Overflow (SEH Unicode)
# Date: 07-04-2019
# Vulnerable Software: AllPlayer V7.4
# Vendor Homepage: https://www.allplayer.org/
# Version: 7.4
# Software Link: http://allplayer.org/Download/ALLPlayerEN.exe
# Tested Windows Windows 7 SP1 x86
#
#
# PoC
# 1. generate evil.txt, copy contents to clipboard
# 2. open AllPlayer
# 3. select "Open video or audio file", click "Open URL"
# 4. paste contents from clipboard
# 5. select OK
# 6. calc.exe
#