K-Lite Codec Pack LAV Filters Memory corruption POC
Date: 2012-09-13
Author: coolkaveh
coolkaveh@xxxxxxxxxxxxxx
Https://twitter.com/coolkaveh
Vendor Homepage: http://codecguide.com/download_kl.htm
LAV Splitter [version 0.30.13]
Tested on: windows 7 x64
affected : avformat-53.dll
==========================================================================
LAV Splitter [version 0.30.13]
This splitter supports multiple container formats:
AVI (.avi .divx)
Matroska (.mkv .mka)
MP4/MOV/3GP (.mp4 .m4v .3gp .mov .hdmov)
WebM (.webm)
Ogg (.ogm .ogg .ogv .oga)
MPEG-TS (.ts .m2ts .m2t .mts)
Flash Video (.flv)
Blu-ray (.bdmv .mpls)
==========================================================================
Access violation - code c0000005 (first chance)
First chance exceptions are reported before any exception handling.
This exception may be expected and handled.
*** ERROR: Symbol file could not be found. Defaulted to export symbols
for C:\Program Files (x86)\K-Lite Codec
Pack\Filters\LAV\avformat-53.dll -
avformat_53!ff_add_index_entry+0x2b:
6ab5e8ab 8b06 mov eax,dword ptr [esi] ds:002b:00000084=????????
10:47 AM
Faulting Instruction:6ab5e8ab mov eax,dword ptr [esi]
Basic Block:
6ab5e8ab mov eax,dword ptr [esi]
Tainted Input Operands: esi
6ab5e8ad mov ebp,dword ptr [esp+74h]
6ab5e8b1 add eax,1
Tainted Input Operands: eax
6ab5e8b4 cmp eax,0aaaaaa9h
Tainted Input Operands: eax
6ab5e8b9 jbe avformat_53!ff_add_index_entry+0x56 (6ab5e8d6)
Tainted Input Operands: ZeroFlag, CarryFlag
Attachment:
POC.flv
Description: Binary data
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/