BugTraq
Security-Assessment.com Release: Hacking Hollywood Slides, Advisories and Exploits Nov 29 2011 03:07AM
Nick Freeman (nick freeman security-assessment com)

( , ) (,
. `.' ) ('. ',
). , ('. ( ) (
(_,) .`), ) _ _,
/ _____/ / _ \ ____ ____ _____
\____ \==/ /_\ \ _/ ___\/ _ \ / / \/ | \\ \__( <_> ) Y Y /______ /\___|__ / \___ >____/|__|_| /
\/ \/.-. \/ \/:wq
(x.0)
'=.|w|.='
_='`"``=.

presents..

Hacking Hollywood: The Slides, The Bugs and The Exploits.

+------------+
|Introduction|
+------------+

At Kiwicon V (https://www.kiwicon.org) and Ruxcon 2011
(http://www.ruxcon.org.au), Nick Freeman presented on Hacking
Hollywood - a half hour feel-good romp through vulnerabilities in
software used during the film making process. This release includes
the slides, advisories and exploits used during the presentation. Enjoy!

+------+
|Slides|
+------+

Slides for the Ruxcon talk are available at the following URL:

http://security-assessment.com/files/documents/presentations/Hacking-Hol
lywood_Nick-Freeman_Ruxcon2011.pdf

+-----------------------+
|Advisories and Exploits|
+-----------------------+

Final Draft < 8.02 Multiple Stack Buffer Overflows
PDF:
http://security-assessment.com/files/documents/advisory/Final_Draft-Mult
iple_Stack_Buffer_Overflows.pdf
TXT:
http://security-assessment.com/files/documents/advisory/Final_Draft-Mult
iple_Stack_Buffer_Overflows.txt
POC: http://security-assessment.com/files/finaldraft8poc.zip
MSF: http://security-assessment.com/files/finaldraft8.rb
NOTE: Tested on v8.01, latest WinXPSP3. No DEP bypass - dodgy PoC.

StoryBoard Quick 6 Stack Buffer Overflow (unpatched)
PDF:
http://www.security-assessment.com/files/documents/advisory/Storyboard_Q
uick6-Stack_Buffer_Overflow.pdf
TXT:
http://www.security-assessment.com/files/documents/advisory/Storyboard_Q
uick6-Stack_Buffer_Overflow.txt
POC: http://security-assessment.com/files/storyboardquick6poc.zip
MSF: http://security-assessment.com/files/storyboardquick6.rb
NOTE: Tested on latest WinXPSP3. No DEP bypass - dodgy PoC.

Muster Render Farm Management System < 6.20 Arbitrary File Download
PDF:
http://security-assessment.com/files/documents/advisory/Muster-Arbitrary
_File_Download.pdf
TXT:
http://security-assessment.com/files/documents/advisory/Muster-Arbitrary
_File_Download.txt
NOTE: Exploit in advisory.

AvidPhoneticIndexer (Avid Media Composer <= 5.5.3) Remote Stack Buffer
Overflow (unpatched)
PDF:
http://www.security-assessment.com/files/documents/advisory/Avid_Media_C
omposer-Phonetic_Indexer-Remote_Stack_Buffer_Overflow.pdf
TXT:
http://www.security-assessment.com/files/documents/advisory/Avid_Media_C
omposer-Phonetic_Indexer-Remote_Stack_Buffer_Overflow.txt
MSF: http://security-assessment.com/files/avid_phonetic_indexer.rb
NOTE: WinXPSP3 Only, using Sayonara ROP chain (thanks WP!). Sometimes
this service starts on a different port, decreasing from 4660 (usually
starts on 4659)

+-------+
|Contact|
+-------+

Email: nick.freeman (at) security-assessment (dot) com [email concealed]
Twitter: @0x7674
Web: http://security-assessment.com

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus