Apple QuickTime 7.2/7.3 - RTSP Response Universal

EDB-ID:

4664


Author:

YAG KOHHA

Type:

remote


Platform:

Windows

Date:

2007-11-27


      ___             Everyone Loves
    O|0_+|O           the Hypnotoad...
     |...|
      | |
=o0O=====O0o===============================
| QuickTime RTSP Response Content-type    |
| remote stack rewrite exploit for IE 6/7 |
| by Yag Kohha (skyhole [at] gmail.com)   |
===========================================
Exploit tested on:
 - Windows Vista
 - Windows XP SP2
 - IE 6.0/7.0
 - QT 7.2/7.3

Exploit requirements:
 Target: Windows Vista/XP SP2, IE 6.0/7.0, QT 7.2/7.3
 Server: Linux, Perl, Apache web server

What's inside:
 index.html   - hypertext document with heap spray javascript and QT plugin call with playlist.mov (place in public web folder)
 server       - RTSP server emulator (run in your linux shell in background mode "./server&")
 playlist.mov - playlist with RTSP server link (edit "_server_emulator_ip" with the address of the started RTSP server emulator and place in public web folder)
Try to load index.html in your browser from the remote web server with the exploit installed.
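The banner above describes the bug class: the overflow is triggered by the Content-Type header of an RTSP response, padded out to a large buffer so that the overwritten return address lands in a sprayed heap. As an added, defender-side example that is not part of the original archive, the Python below parses an RTSP response head and flags any header whose value is far longer than a legitimate MIME string; the 1024-byte limit is a constructed threshold for this illustration, not a value from the advisory, and the two sample responses are constructed as well.

```python
import re
from typing import Dict, List, Tuple

# Constructed threshold: a genuine RTSP Content-Type value is a short MIME
# string such as "application/sdp". The number is an assumption for this
# example, not a figure taken from the advisory.
MAX_HEADER_VALUE_LEN = 1024

def parse_rtsp_response(raw: bytes) -> Tuple[str, Dict[str, str]]:
    """Split an RTSP response into (status line, {lower-case name: value}).

    Only the head (everything before the first blank line) is parsed; the body
    is ignored. Header names are folded to lower case because RTSP, like HTTP,
    treats them case-insensitively. Malformed lines without a colon are skipped
    rather than raising, so a single bad line does not hide the rest.
    """
    head = raw.split(b"\r\n\r\n", 1)[0]
    lines = head.decode("latin-1").split("\r\n")
    status = lines[0]
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" not in line:
            continue
        name, value = line.split(":", 1)
        headers[name.strip().lower()] = value.strip()
    return status, headers

def find_oversized_headers(raw: bytes, limit: int = MAX_HEADER_VALUE_LEN) -> List[str]:
    """Return the (lower-cased) names of all headers whose value exceeds limit."""
    _, headers = parse_rtsp_response(raw)
    return sorted(name for name, value in headers.items() if len(value) > limit)

def looks_like_content_type_overflow(raw: bytes, limit: int = MAX_HEADER_VALUE_LEN) -> bool:
    """True when the Content-Type header specifically is oversized.

    A generic oversized-header check already covers this case; the dedicated
    predicate exists so a monitor can raise a distinct, higher-severity alert
    for the header named in the advisory.
    """
    return "content-type" in find_oversized_headers(raw, limit)

# Constructed sample responses: one ordinary DESCRIBE reply, one with a padded
# Content-Type value of the kind the advisory describes (filler only, no payload).
BENIGN_RESPONSE = (
    b"RTSP/1.0 200 OK\r\n"
    b"CSeq: 2\r\n"
    b"Content-Type: application/sdp\r\n"
    b"Content-Length: 0\r\n"
    b"\r\n"
)
OVERSIZED_RESPONSE = (
    b"RTSP/1.0 200 OK\r\n"
    b"CSeq: 2\r\n"
    b"Content-Type: " + b"A" * 4096 + b"\r\n"
    b"\r\n"
)

if __name__ == "__main__":
    for label, resp in (("benign", BENIGN_RESPONSE), ("oversized", OVERSIZED_RESPONSE)):
        print(label, find_oversized_headers(resp), looks_like_content_type_overflow(resp))
```

The same check can be run from a proxy or IDS hook on any RTSP traffic reaching a client; because it keys on the header length rather than on a specific payload, it is indifferent to how the filler or the sprayed addresses are chosen.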

Greetz 2:
    - str0ke & milw0rm
    - shinnai
    - h07 for bug publication
    - muts & InTel for code play'ng ( but guyz, U`rs releases coded with SEH overwrite... It's so many problems
      with shellcode modification and stable exploitation on different systems... for whats?
      We can overwrite EIP with buffer generation like 65535 bytes. In this release EIP -> 0x0c0c0c0c )

Fuckz 2:
    - wslabi.com (too stupid resource for selling shit)
    - ICEPACK and MPACK coderz (Fucking javascript kidd0z and code thiefz)

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/4664.tar.gz (11272007-qt_public.tar.gz)

# milw0rm.com [2007-11-27]