XMPlayer PLS Buffer Overflow Module

[glinares.code at gmail.com (Greg Linares)]

hate to double post but that tool Jerome mentioned is called EEReap from Eeye.
If no one grabs a universal address by tomorrow i'll probably dive in
and try for it :)


On 11/28/06, Greg Linares <glinares.code at gmail.com> wrote:
> The dll's were packed with some sort of packer, the msfpescan said
> peTITE but they didnt decompress right.  Jerome suggested using a tool
> Eeye makes that gets addresses from files in memory so compression
> isnt a problem.  I just havent had whole lot of time to work on that
> meta file because i was working on 2 more exploits.  If someone does
> come up with a universal address in the .dlls  feel free to modify my
> ruby file accordingly.  I tried to include as much as i could.
>
> On 11/28/06, Nicob <nicob at nicob.net> wrote:
> > Le lundi 27 novembre 2006 ? 15:09 -0700, Greg Linares a ?crit :
> >
> > > [ 'Windows 2000 Pro English SP4',             { 'Ret' => 0x77e14c29 } ],
> > > [ 'Windows XP Pro SP2 English',                       { 'Ret' => 0x77db41bc } ],
> > > [ 'Windows 2003 SP0 and SP1 English',         { 'Ret' => 0x77d74adc } ],
> > > [ 'Windows XP Pro SP2 French',                        { 'Ret' => 0x77d8519f } ],
> > > [ 'Windows XP Pro SP2 German',                        { 'Ret' => 0x77d873a0 } ],
> > > [snip]
> >
> > Woo, a lot of targets. There's no DLL installed with XMPlay which could
> > be used as a more universal return address ?
> >
> >
> > Nicob