Changeset 1532

Timestamp:

01/18/08 15:47:16 (7 months ago)

Author:

jose

Message:

[phoneyc]
support for RTSP MPEG4 SP Control ActiveX Control "MP4Prefix" Property Buffer Overflow
vuln module, exploit demo

Files:

• phoneyc/trunk/ActiveX.py (modified) (3 diffs)
• phoneyc/trunk/modules/jscript/RtspVaPgCtrl.js (added)
• phoneyc/trunk/tests/4932.html (added)

phoneyc/trunk/ActiveX.py

@@ -51 +51 @@
-        self.clsid['A86934DA-C3D6-4C1C-BD83-CA4F14B362DE'] = PTZCamPanel()
-        self.clsid['F3D0D36F-23F8-4682-A195-74C92B03D4AF'] = QvodCtrl()
+        self.clsid['361E6B79-4A69-4376-B0F2-3D1EBEE9D7E2'] = RtspVaPgCtrl()
-
-        self.clsname = {}
@@ -68 +69 @@
-        self.clsname['awApi4.AnswerWorks.1'] = AnswerWorks()
-        self.clsname['QvodInsert.QvodCtrl.1'] = QvodCtrl()
+        self.clsname['RtspVaPgDecoder.RtspVaPgCtrl.1'] = RtspVaPgCtrl()
-
-        # set up the pure JScript version
@@ -343 +345 @@
-        self.description = 'Qvod Player QvodCtrl Class ActiveX Control'
-
+class RtspVaPgCtrl(ActiveX):
+    def __init__(self):
+        self.js_src = self.load_js_src('RtspVaPgCtrl.js')
+        self.classname = 'RtspVaPgCtrl'
+        self.cve_id = ('CVE-NOMATCH', )
+        self.description = 'RTSP MPEG4 SP Control'
+