Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2008-4654 PoC — VLC媒体播放器TY文件处理栈溢出漏洞

Source
https://github.com/rnnsz/CVE-2008-4654
Associated Vulnerability
Title:VLC媒体播放器TY文件处理栈溢出漏洞 (CVE-2008-4654)
Description:VideoLAN VLC media player是法国VideoLAN组织开发的一款免费、开源的跨平台多媒体播放器(也是一个多媒体框架)。该产品支持播放多种介质(文件、光盘等)、多种音视频格式(WMV, MP3等)等。 VLC媒体播放器的modules\demux\Ty.c文件没有正确地解析的TiVo ty媒体文件,如果用户受骗打开了畸形的媒体文件就会触发栈溢出,导致执行任意指令。
Readme
# CVE-2008-4654

PoC exploit for vulnerability CVE-2008-4654 VLC Media Player Stack-Based Buffer Overflow via TiVo Ty file extension.

## Usage

Run the script having a sample .ty+ file inside the same folder as the script. The ty+ file will be modified to execute the payload when opened with VLC Media Player. The file containing the payload will be called **POCPayload.ty+**.

```bash
python3 payloadGenerator_CVE-2008-4654.py
```
File Snapshot

 [4.0K]  /data/pocs/58a30d95c10db412512b6cf87bb5e0bd63d536c3
├── [ 34K]  LICENSE
├── [1.9K]  payloadGenerator_CVE-2008-4654.py
├── [5.0M]  POC.ty+
└── [ 434]  README.md

0 directories, 4 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).
    3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.