Added exploit module for CVE-2008-5036

[juanvazquez]

I would like to make a contribution to metasploit with a module for "CVE-2008-5036: VLC Media Player RealText Demuxer Subtitle File Handling Overflow" with the hope you find it useful.

It's a FILEFORMAT exploit which generates a RealText subtitle file. It should distributed with a video file with the same filename. The video file should be opened witht he vulnerable VLC. I've tested with .avi and .wmv videos successfully.

Vulnerable VLC can be downloaded from oldapps: http://www.oldapps.com/VLC_Player.php?old_vlc=39?download

I've tested on XP SP3 and W7 SP1 successfully with windows/exec and windows/meterpreter_reverse_tcp.

Finally I'm learning and training exploit writing and metasploit dev so any feedback about the code is welcome!

Regards,

juan

[wchen-r7]

Will take a look at it soon, thanks!

[juanvazquez]

I've check the module is now generating an MP4 for distribution also
:) awesome! Definitely better solution! And more user friendly! Thanks
very much! Please, feel free to put yourself as module author always
:$

Regards,

juan

On Thu, Mar 1, 2012 at 11:58 PM, sinn3r
reply@reply.github.com
wrote:

Will take a look at it soon, thanks!

---

Reply to this email directly or view it on GitHub:
#212 (comment)