这周的某天用mplayer看电影时,竟弹出广告网页。当时没有察觉,后来分析别的漏洞时,感觉如果影音文件有弹广告的权限,岂不是很可怕啊......
google了一下,最新的mplayer漏洞如下:
MPlayer SAMI Subtitle File Buffer Overflow
This module exploits a stack-based buffer overflow found in the handling of SAMI subtitles files in MPlayer SVN Versions before 33471. It currently targets SMPlayer 0.6.8, which is distributed with a vulnerable version of mplayer. The overflow is triggered when an unsuspecting victim opens a movie file first, followed by loading the malicious SAMI subtitles file from the GUI. Or, it can also be done from the console with the mplayer "-sub" option.
写了个sami文件推数据,也没用filefuzz,只是增加数据量,不久就有效果了,错误输出如下:
MPlayer interrupted by signal 11 in module: read_subtitles_file ID_SIGNAL=11
- MPlayer crashed by bad usage of CPU/FPU/RAM.
Recompile MPlayer with --enable-debug and make a 'gdb' backtrace and
disassembly. Details in DOCS/HTML/en/bugreports_what.html#bugreports_crash.
- MPlayer crashed. This shouldn't happen.
It can be a bug in the MPlayer code _or_ in your drivers _or_ in your
gcc version. If you think it's MPlayer's fault, please read
DOCS/HTML/en/bugreports.html and follow the instructions there. We can't and
won't help unless you provide this information when reporting a possible bug.
只要把填充的垃圾数据,改成构造的二进制码就可以完成其他任务了
【我的疑问】:
1.这是否意味着,其实像rmvb,gif这种非可执行文件,亦可以成为恶意程序,
2.并且免疫杀毒软件对的查杀(没有“mz”首部躲避沙盒,体积巨大躲避云查杀)
[培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课
