吉林十一选五多少期      
吉林十一选五多少期 | 安全文章 | 安全工具 | Exploits | 本站原創 | 關于我們 | 網站地圖 | 安全論壇
  當前位置:吉林十一选五多少期>安全工具>攻擊程序>軟件詳細
軟件名稱:  ScaryMovie Exploit Study
文件類型:  .zip
界面語言:  英文軟件
軟件類型:  國外軟件
運行環境:  Win2003,WinXP,Win2000,Win9X
授權方式:  共享軟件
軟件大?。?/td>  233KB
軟件等級:  ★★★☆☆
發布時間:  2010-01-18
官方網址: // 作者:Dr_IDE
演示網址:
軟件說明:  

ScaryMovie Exploit Study
By: Dr_IDE
October, 2009

There is a widespread failure in the way that (.MOV) files are handled by the Quicktime Library. I have attempted to compound my findings on this issue.

Nearly every (.MOV) enabled application that I tested fell victim to this exploit. This is a local memory corruption vulnerability in the way these programs process a malformed file. I have provided crash logs, register dumps where applicable, sample script and trigger file.

Memory Corruption is repeatable and code execution seems possible. Because this issue affects web browsers it seems that the attack vector will be both Local and Remote.

It should be noted these applications are all registered by default as registered applications for this file type. There is no trickery involved in order to enable these programs to open the malicious file.

List of affected programs that I have verified:
-Tested on Snow Leopard 10.6.1 (All updates as of 10/07/09)
Apple Products (OSX):
 Finder.app                (Built-in OSX)
  Garageband 09           (Latest)
 Grapher.app               (Built-in OSX) 
 iMovie 8.0    (Latest)
  iPhoto 8.0                  (Latest)
 iTunes 9.0.1    (Latest)
 iWeb     (Latest)
 Keynote 5.0.3 (791)   (Latest)
 Numbers 2.0.3 (332)          (Latest)
 Pages 4.0.3 (766)   (Latest)
 Safari 4.0.3    (Latest)
  Quicktime Player 10         (Latest)

Third Party Applications (OSX):
  Cellulo 2.0.2               (Latest)
 Excel 2008    (Latest)
 HexEdit 2.2    (Latest)
 Mozilla Firefox 3.5.3(OSX)  (Latest)
 Powerpoint 2008           (Latest)
 VLC 1.0.2 (OSX)           (Latest)
  WidescreenPlayer            (Latest)
 Word 2008    (Latest)
Windows XP Service Pack 3:
 iTunes 9.0.1.8               (Latest)
 Quicktime 7.3.4              (Latest)
 MediaPlayerClassic 6.4.9.1         (Latest)

Not Vulnerable:
 VLC 1.0.2 on Windows seems to not be vulnerable to this.
 Firefox 3.5.3 on Windows crashed once but not reliably.

PoC Packagetx:
//www.exploit-db.com/sploits/Dr_IDE_ScaryMovie_Study.zip

下載地址: 進入下載地址列表
下載說明: ☉推薦使用網際快車下載本站軟件,使用 WinRAR v3.10 以上版本解壓本站軟件。
☉如果這個軟件總是不能下載的請點擊報告錯誤,謝謝合作!!
☉下載本站資源,如果服務器暫不能下載請過一段時間重試!
☉如果遇到什么問題,請到本站論壇去咨尋,我們將在那里提供更多 、更好的資源!
☉本站提供的一些商業軟件是供學習研究之用,如用于商業用途,請購買正版。
[推薦] [評論(0條)] [返回頂部] [打印本頁] [關閉窗口]  
匿名評論
評論內容:(不能超過250字,需審核后才會公布,請自覺遵守互聯網相關政策法規。
 §最新評論:
  熱門軟件
·qwks.cpp(MS03-049)
·ms05039.rar
·fsie.rar
·Serv-U FTP溢出漏洞利用工具
·NBSI2破解版
·MS08-067.rar
·提權大殺器(2010黑帽大會公布的
·Churrasco.zip
·tfn2k.tgz
·SMBdie
·ms04-011.rar
·WinArpAttacker3.50.rar
  相關軟件
·TrendMicro_web_deployment_acti
·slk.rar
·KiTrap0D.zip
·uusee.zip
·sopcast_exp.zip
·EverFocus_Edsr_Exploit.tar.gz
·提權大殺器(2010黑帽大會公布的
·ie 0day exp-Windows寫字板HTML
·Samba < 3.0.20 heap overflow
·Epfw_Exp.zip
·JCZ3.rar
·吉林十一选五多少期
 
  推薦廣告
CopyRight © 2002-2019 吉林十一选五多少期 All Rights Reserved