[framework] XMPlayer PLS Buffer Overflow Module
Greg Linares
glinares.code at gmail.com
Tue Nov 28 21:50:46 CST 2006
The DLLs were packed with some sort of packer; msfpescan said
peTITE, but they didn't decompress right. Jerome suggested using a tool
eEye makes that gets addresses from files in memory, so compression
isn't a problem. I just haven't had a whole lot of time to work on that
meta file because I was working on 2 more exploits. If someone does
come up with a universal address in the .dlls, feel free to modify my
Ruby file accordingly. I tried to include as much as I could.
On 11/28/06, Nicob <nicob at nicob.net> wrote:
> On Monday, 27 November 2006 at 15:09 -0700, Greg Linares wrote:
>
> > [ 'Windows 2000 Pro English SP4', { 'Ret' => 0x77e14c29 } ],
> > [ 'Windows XP Pro SP2 English', { 'Ret' => 0x77db41bc } ],
> > [ 'Windows 2003 SP0 and SP1 English', { 'Ret' => 0x77d74adc } ],
> > [ 'Windows XP Pro SP2 French', { 'Ret' => 0x77d8519f } ],
> > [ 'Windows XP Pro SP2 German', { 'Ret' => 0x77d873a0 } ],
> > [snip]
>
> Woo, a lot of targets. There's no DLL installed with XMPlay which could
> be used as a more universal return address?
>
>
> Nicob
>
>