Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/kernelerr/vlc-cve-2008-4654-exploit
An EXP could run on Windows x64 against CVE-2008-4654.
https://github.com/kernelerr/vlc-cve-2008-4654-exploit
cve exploit out-of-memory vlc vlc-media-player
Last synced: 12 days ago
JSON representation
An EXP could run on Windows x64 against CVE-2008-4654.
- Host: GitHub
- URL: https://github.com/kernelerr/vlc-cve-2008-4654-exploit
- Owner: KernelErr
- Created: 2017-08-18T05:22:29.000Z (over 7 years ago)
- Default Branch: master
- Last Pushed: 2017-08-18T05:57:09.000Z (over 7 years ago)
- Last Synced: 2025-01-17T02:56:51.986Z (14 days ago)
- Topics: cve, exploit, out-of-memory, vlc, vlc-media-player
- Language: Python
- Homepage:
- Size: 4.88 KB
- Stars: 2
- Watchers: 1
- Forks: 0
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
Awesome Lists containing this project
README
# VLC-CVE-2008-4654-Exploit
Well, it's just an old vulnerability whose CVE number is CVE-2008-4654. This vulnerability is caused by Out of Memory at line 1650 of modules/demux/ty.c.
```
stream_Read(p_demux->s, mst_buf, 8 + i_map_size);
```
When I downloaded the EXP from other websites, I found that it doesn't work correctly on my Windows 7 Ultimate x64. So I change the return address from 0x68f0cfad to 0x6a314b52, then it works!
Old:
```
0x68f0cfad : jmp esp
{PAGE_EXECUTE_READ} [libqt4_plugin.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False
```
After I found this module doesn't exist, I changed into:
```
0x6a314b52 : push esp # ret
{PAGE_EXECUTE_READ} [libvlc.dll] ASLR: False, Rebase: False, SafeSEH: False, OS: False
```
It works on VLC 0.9.4. Have fun!