Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Vuln-Dev
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-Disclosure] RealPlayer 10.5 Denial of Service and possible Overflo

from [Carlos Ulver] Network Security [Permanent Link]
Subject: [Full-Disclosure] RealPlayer 10.5 Denial of Service and possible Overflow
Date: Mon, 24 Jan 2005 14:22:25 -0200 
Well i was trying to find something in .ra format. I found something
interesting(I think)
I had an old .Ra and tryed to change some information of the file(via
an hexadecimal editor):
All my .ra files begin always with the following code:
.ra......ra4.........r.........>................+........
If i change ONE byte at the beginning RealAudio crashes like the
following example:
.ra......Aa4.........r.........>................+........

In this case I just overwrited the second 'r' for 'A' and RealPlayer crashed.
I could not see if i overwrite with more A´s be possible to write into
stack cause I´m with no good debugger here and I don´t understant
windows debug report.
It was tested only with RealPlayer 10.5. *** If possible some one try
to write into stack will be great. ***

I´m making files avaliable at           www.debarry2.com.br/carlos/rapoc.zip
as an proof of concept for this.

You could also get the rapoc.zip at www.debarry2.com.br/carlos by a
link I put at first page(top);

If its possible to write into stack all of u comrades know that we can
execute arbitrary code into affected systems.

Sorry for my bad Brazilian-english.

Carlos A. Ulver.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
[More with this subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-Disclosure] RealPlayer 10.5 Denial of Service and possible Overflow, Carlos Ulver <=
Previous by Date:  SUSE Security Announcement: Realplayer 8 (SUSE-SA:2005:004), Marcus Meissner
Next by Date:  RE: [Full-Disclosure] 2 vulnerabilities combine to auto execute received files in Nokia series 60 OS, Paul Kurczaba
Previous by Thread:  SUSE Security Announcement: Realplayer 8 (SUSE-SA:2005:004), Marcus Meissner
Next by Thread:  [Full-Disclosure] SECURITY.NNOV: Multiple applications fd_set structure bitmap array index overflow, 3APA3A
Indexes:  [Date] [Thread] [Top] [All Lists]