Zero Science Lab

——————
Codes

————————————————————————————————————

- google2.c
- google1.pl

Desc: Google SketchUp Pro version 7.0 remote stack overflow proof of concept exploit that generates a malicious .skp file.

Reference:
http://www.milw0rm.com/exploits/9317
http://securityreason.com/exploitalert/6803
http://www.securityfocus.com/bid/35911
http://www.juniper.net/security/auto/vulnerabilities/vuln35911.html
http://sebug.net/exploit/11958/
http://www.venustech.com.cn/NewsInfo/124/4897.Html
http://www.nsfocus.net/vulndb/13667
http://www.packetstormsecurity.org/filedesc/googlesketchup-overflow.txt.html

————————————————————————————————————

- epiri_crash.vbs

Desc: Epiri Professional Web Browser version 3.0 remote denial of service proof of concept exploit.

Reference:
http://securityreason.com/exploitalert/6777
http://www.packetstormsecurity.org/filedesc/epiri-dos.txt.html
http://www.milw0rm.com/exploits/9304
http://sebug.net/exploit/11951/
http://zeroscience.org/codes/epiri_crash.vbs

————————————————————————————————————

- aeditor_mc.txt

Desc: Audio Editor Pro version 2.91 suffers from a memory corruption vulnerability.

Reference:
http://packetstormsecurity.org/filedesc/aeditor-memory.txt.html
http://www.securityfocus.com/bid/35719
http://www.milw0rm.com/exploits/9170
http://securityreason.com/exploitalert/6631
http://zeroscience.org/codes/aimp2_evil.mp3
http://milw0rm.com/sploits/2009-aimp2_evil.mp3
http://securityreason.com/download/11/13

————————————————————————————————————

- zortam_studio.pl

Desc: Zortam MP3 Media Studio version 9.40 suffers from multiple memory corruption vulnerabilities.

Reference:
http://packetstormsecurity.org/filedesc/zortam-memory.txt.html
http://www.milw0rm.com/exploits/9169
http://securityreason.com/exploitalert/6632
http://zeroscience.org/codes/aimp2_evil.mp3
http://milw0rm.com/sploits/2009-aimp2_evil.mp3
http://securityreason.com/download/11/13

————————————————————————————————————

- zortam_zero.pl

Desc: Zortam MP3 Player version 1.50 suffers from an integer division by zero vulnerability.

Reference:
http://packetstormsecurity.org/filedesc/zortam-zero.txt.html
http://www.milw0rm.com/exploits/9168
http://securityreason.com/exploitalert/6626
http://www.vfocus.net/art/20090717/5510.html

————————————————————————————————————

- zortam_bof.txt

Desc: Zortam ID3 Tag Editor version 5.0 suffers from a remote stack overflow vulnerability.

Reference:
http://packetstormsecurity.org/filedesc/zortamid3-overflow.txt.html
http://securityreason.com/exploitalert/6634
http://zeroscience.org/codes/aimp2_evil.mp3
http://milw0rm.com/sploits/2009-aimp2_evil.mp3
http://securityreason.com/download/11/13

————————————————————————————————————

- musictag_bof.txt

Desc: Music Tag Editor version 1.61 build 212 suffers from a remote buffer overflow vulnerability.

Reference:
http://secunia.com/advisories/35828/
http://securityreason.com/exploitalert/6612
http://www.milw0rm.com/exploits/9167
http://www.packetstormsecurity.org/filedesc/musictag-overflow.txt.html
http://zeroscience.org/codes/aimp2_evil.mp3
http://milw0rm.com/sploits/2009-aimp2_evil.mp3
http://securityreason.com/download/11/13

————————————————————————————————————

- retinawifi_bof.py [ Updated 10.07.2009 ]

Desc: Retina WiFi Security Scanner version 1.0 suffers from a buffer overflow vulnerability when parsing .rws files.

Reference:
http://research.eeye.com/html/advisories/published/AD20090710.html
http://secunia.com/advisories/35786/
http://www.securityfocus.com/bid/35624
http://securityreason.com/exploitalert/6564
http://www.packetstormsecurity.org/filedesc/retinawifi-overflow.txt.html
http://www.milw0rm.com/exploits/9114
http://osvdb.org/55744
http://xforce.iss.net/xforce/xfdb/51625
http://www.juniper.net/security/auto/vulnerabilities/vuln35624.html
http://securitytracker.com/id?1022534
http://www.vupen.com/english/advisories/2009/1862

————————————————————————————————————

- carom3d.pl

Desc: Carom3D version 5.06 unicode buffer overrun and denial of service exploit.

Reference:
http://www.milw0rm.com/exploits/8971
http://packetstormsecurity.org/filedesc/carom3d-dos.txt.html
http://securityreason.com/exploitalert/6430
http://sebug.net/exploit/11631/
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-2173
http://xforce.iss.net/xforce/xfdb/51219

————————————————————————————————————

- id3over.pl

Desc: Mp3 File ID3v1/ID3v2 Tag Metadata PoC Overflower v1.0.

————————————————————————————————————

- mp3tag_bof.txt

Desc: Mp3 Tag Assistant Pro version 2.92 tag metadata remote stack overflow proof of concept exploit.

Reference:
http://secunia.com/advisories/35305/
http://osvdb.org/show/osvdb/54810
http://www.securitylab.ru/vulnerability/380786.php
http://securityreason.com/exploitalert/6345
http://www.f-secure.com/vulnerabilities/SA200902492
http://www.zeroscience.org/codes/aimp2_evil.mp3
http://milw0rm.com/sploits/2009-aimp2_evil.mp3

————————————————————————————————————

- aimp2_poc.txt

Desc: AIMP version 2.51 build 330 ID3v1/ID3v2 tag remote SEH stack buffer overflow proof of concept exploit.

Reference:
http://secunia.com/advisories/35295/
http://packetstormsecurity.org/filedesc/aimp2-poc.txt.html
http://securityreason.com/exploitalert/6322
http://www.milw0rm.com/exploits/8837
http://osvdb.org/show/osvdb/54812
http://sebug.net/exploit/11494/
http://www.securitylab.ru/vulnerability/380701.php
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1944
http://xforce.iss.net/xforce/xfdb/50875
http://www.zeroscience.org/codes/aimp2_evil.mp3
http://milw0rm.com/sploits/2009-aimp2_evil.mp3

————————————————————————————————————

- viplay_poc.pl

Desc: ViPlay3 versions 3.00 and below local stack overflow proof of concept exploit that creates a malicious .vpl file.

Reference:
http://packetstormsecurity.org/filedesc/viplay-overflow.txt.html
http://www.securityfocus.com/bid/34877/
http://www.milw0rm.com/exploits/8644
http://securityreason.com/exploitalert/6188

————————————————————————————————————

- unsniff_heap.pl

Desc: Unsniff Network Analyzer version 1.0 local heap overflow proof of concept exploit.

Reference:
http://www.milw0rm.com/exploits/8360
http://packetstormsecurity.org/filedesc/unsniff-overflow.txt.html
http://www.securityfocus.com/bid/34396
http://www.redoracle.com/option=com_exploit&exid=1198
http://www.securityreason.com/exploitalert/5992
http://hack4.com/news/23846.html

————————————————————————————————————

- qtweb_dos.pl

Desc: QtWeb Internet Browser version 2.0 remote denial of service exploit.

Reference:
http://packetstormsecurity.org/filedesc/qtweb-dos.txt.html
http://www.securityfocus.com/bid/34327

————————————————————————————————————

- powerchm_bof.pl

Desc: PowerCHM version 5.7 local buffer overflow exploit that creates a malicious .hhp file.

Reference:
http://www.milw0rm.com/exploits/8301
http://securityreason.com/exploitalert/5943
http://packetstormsecurity.org/filedesc/powerchm57-overflow.txt.html
http://www.securityfocus.com/bid/34263

————————————————————————————————————

- talkirc_seh.pl

Desc: Talkative IRC version 0.4.4.16 remote SEH stack overflow exploit.

Reference:
http://www.packetstormsecurity.org/filedesc/talkirc-seh.txt.html
http://www.milw0rm.com/exploits/8227
http://www.securityfocus.com/bid/34141
http://securityreason.com/exploitalert/5874

————————————————————————————————————

- jdkchat_poc.pl

Desc: Proof of concept exploit for an integer overflow in JDKChat v1.5.

Reference:
http://www.milw0rm.com/exploits/8205
http://www.packetstormsecurity.org/filedesc/jdkchat-overflow.txt.html
http://www.securityfocus.com/bid/34102
http://www.bugsearch.net/en/8333/JDKChatIntegerOverflow.html
http://securityreason.com/exploitalert/5860

————————————————————————————————————

- gotallmedia_dos.pl

Desc: Got All Media version 7.0.0.3 remote denial of service exploit.

Reference:
http://www.securityfocus.com/bid/33830
http://www.packetstormsecurity.org/filedesc/gotallmedia-dos.txt.html
http://www.milw0rm.com/exploits/8084

————————————————————————————————————

- blazehdtv_hof.py

Desc: BlazeVideo HDTV Player versions 3.5 and below remote heap overflow exploit that generates a malicious .plf playlist file.

Reference:
http://www.securityfocus.com/bid/33588
http://www.packetstormsecurity.org/filedesc/blazehdtv-hof.txt.html
http://www.milw0rm.com/exploits/7975
http://www.hackzone.ru/exploit/view/id/4597/

————————————————————————————————————

- amaya_seh.pl

Desc: Remote SEH overwrite exploit for the Amaya Web Editor version 11.

Reference:
http://www.packetstormsecurity.org/filedesc/amaya-seh.txt.html
http://www.milw0rm.com/exploits/7926
http://heapoverflow.com/f0rums/public/amaya_seh.html
http://www.hackzone.ru/exploit/view/id/4505/
http://www.astalavista.com/index.php?exploits=8054
http://securityreason.com/exploitalert/5643

————————————————————————————————————

- wftpdpro_dos.c

Desc: WFTPD Pro Server version 3.30.0.1 pre-authentication remote denial of service exploit.

Reference:
http://www.securityfocus.com/bid/33426
http://www.packetstormsecurity.org/filedesc/wftpdpro_dos.c.txt.html

————————————————————————————————————

- ftpshell_bof.pl

Desc: FTPShell Server version 4.3 suffers from a buffer overflow vulnerability that can be exploited remotely or locally. The failed bounds checking revolves around the .key file and this file exploits this vulnerability.

Reference:
http://www.milw0rm.com/exploits/7852
http://xforce.iss.net/xforce/xfdb/48174
http://www.securityfocus.com/bid/33403
http://www.packetstormsecurity.org/filedesc/ftpshell-overflow.txt.html
http://www.hackzone.ru/exploit/view/id/4344/
http://secunia.com/advisories/33597/
http://securityreason.com/exploitalert/5584

————————————————————————————————————

- showtime_bof.pl

Desc: Nero ShowTime version 5.0.15.0 m3u playlist file remote buffer overflow denial of service proof of concept exploit.

Reference:
http://xforce.iss.net/xforce/xfdb/46811
http://secunia.com/advisories/32850/
http://www.milw0rm.com/exploits/7207
http://www.packetstormsecurity.org/filedesc/showtime_bof.pl.txt.html
http://www.securityfocus.com/bid/32446

————————————————————————————————————

- kvirc_fs.html

Desc: KVIrc version 3.4.0 Virgo remote format string proof of concept exploit.

Reference:
http://www.milw0rm.com/exploits/6832
http://www.packetstormsecurity.org/filedesc/kvirc-format.txt.html
http://www.sebug.net/exploit/4944/
http://www.securityfocus.com/bid/31912
http://www.frsirt.com/english/advisories/2008/2926
http://www.secunia.com/advisories/32410/
http://www.juniper.net/security/auto/vulnerabilities/vuln31912.html

————————————————————————————————————

- eserv_bof.pl

Desc: Eserv 3.x FTP Server ABOR related remote stack overflow proof of concept exploit.

Reference:
http://www.milw0rm.com/exploits/6752
http://www.packetstormsecurity.org/filedesc/eserv-overflow.txt.html
http://www.securityfocus.com/bid/31753
http://astalavista.com/index.php?section=exploits&cmd=details&id=6862
http://securityreason.com/exploitalert/4915
http://forum.blackhack.ru/showthread.php?t=3549

————————————————————————————————————

- vbados.txt

Desc: VBA32 Personal Antivirus version 3.12.8.x suffers from a malformed archive denial of service vulnerability. Proof of concept exploit.

Reference:
http://packetstormsecurity.org/filedesc/vba32-poc-tgz.html
http://www.sebug.net/exploit/4800/
http://www.securityfocus.com/bid/31560
http://www.milw0rm.com/exploits/6658
http://zeroscience.org/codes/vba32_poc.rar

————————————————————————————————————

- femitter-dos.c

Desc: Femitter FTP server version 1.03 remote denial of service proof of concept exploit.

Reference:
http://www.milw0rm.com/exploits/6481
http://www.packetstormsecurity.org/filedesc/fermitter-dos.txt.html
http://www.securityfocus.com/bid/31226
http://heapoverflow.com/f0rums/public/8691-femitter-ftp-server.html
http://www.sebug.net/exploit/4658/
http://www.securiteam.com/exploits/5BP0M0APFS.html

————————————————————————————————————

- CoolCon02.c

Desc: A simple command-line converter written in C language (win32) that converts input as string or integer. ASCII to Binary/Decimal/Octal/Hexadecimal, Binary to Decimal/Octal/Hexadecimal, Decimal to Binary/Octal/Hexadecimal. ROT13 and URL Unicode UTF-8 encoding feature. Updated version of CoolCon v0.01.

Reference:
http://www.packetstormsecurity.org/filedesc/CoolCon0.2.rar.html

————————————————————————————————————

- maxthon_dos.html

Desc: Maxthon Browser version 2.1.4.443 UNICODE remote denial of service proof of concept exploit.

Reference:
http://www.milw0rm.com/exploits/6434
http://www.packetstormsecurity.org/filedesc/maxthon-dos.txt.html
http://www.securityfocus.com/bid/31098

————————————————————————————————————

- seamonkey_dos.html

Desc: SeaMonkey version 1.1.11 remote denial of service proof of concept exploit that makes use of excessive marquee tags being used.

Reference:
http://www.securityfocus.com/bid/31070
http://www.packetstormsecurity.org/filedesc/seamonkey-dos.txt.html

————————————————————————————————————

- flock_dos.html

Desc: Flock Social Web Browser version 1.2.5 looping denial of service exploit.

Reference:
http://www.milw0rm.com/exploits/6391
http://www.securityfocus.com/bid/31044
http://www.packetstormsecurity.org/filedesc/flockweb-dos.txt.html
http://www.astalavista.com/index.php?section=exploits&cmd=details
http://securityreason.com/exploitalert/4617

————————————————————————————————————

- goodos.html

Desc: Google Chrome Browser version 0.2.149.27 denial of service exploit that uses javascript.

Reference:
http://packetstormsecurity.org/filedesc/google-chrome-dos2.txt.html
http://www.lifedork.com/google-chrome-browser-crash.html

————————————————————————————————————

- aslr_sc.c

Desc: 79 byte linux/x86 (Fedora 8) shellcode that performs setuid(0) + setgid(0) + execve("echo 0 > / proc/sys/kernel/randomize_va_space").

Reference:
http://www.milw0rm.com/shellcode/6268
http://packetstormsecurity.org/filedesc/linux-set.txt.html
http://pooh.gr.jp/item-5674.html
http://www.sebug.net/exploit/4455/

————————————————————————————————————

- vuplayer_bof.pl

Desc: VUPlayer version 2.49 M3U playlist file remote buffer overflow exploit. Shellcode spawns calc.exe.

Reference:
http://www.securityfocus.com/bid/21363
http://www.packetstormsecurity.org/filedesc/vuplayer_bof.pl.txt.html
http://www.securityhome.eu/exploits/exploit.php

————————————————————————————————————

- powerdvd_bof.pl

Desc: CyberLink PowerDVD versions 8.0 and below crafted PLS/M3U playlist file buffer overflow/denial of service exploit.

Reference:
http://www.securityfocus.com/bid/30341
http://www.packetstormsecurity.org/filedesc/powerdvd_bof.pl.txt.html
http://www.net-security.org/vuln.php?id=5616
http://www.sebug.net/vulndb/3704/

————————————————————————————————————

- blazedvd_bof.pl

Desc: BlazeDVD version 5.0 PLF playlist file remote buffer overflow exploit that spawns calc.exe.

Reference:
http://www.milw0rm.com/exploits/6217
http://www.securityfocus.com/bid/21337
http://www.packetstormsecurity.org/filedesc/blazedvd_bof.pl.txt.html

————————————————————————————————————

- CoolCon.c

Desc: A simple command-line converter written in C language (Win32) that converts input as string or integer. ASCII to Binary / Decimal / Octal / Hexadecimal, Binary to Decimal / Octal / Hexadecimal, Decimal to Binary / Octal / Hexadecimal. ROT13 feature.

Reference:
http://www.packetstormsecurity.org/filedesc/CoolCon0.01.rar.html