2.2 Exploitation

To exploit the vulnerability, I performed the following steps:

  • Step 1: Find a sample TiVo movie file.

  • Step 2: Find a code path to reach the vulnerable code.

  • Step 3: Manipulate the TiVo movie file to crash VLC.

  • Step 4: Manipulate the TiVo movie file to gain control of EIP.


Figure 2-2. Overview of the vulnerability from input to stack buffer overflow

There’s more than one way to exploit a file-format bug. You can build a file of the right format from scratch, or you can take a valid preexisting file and manipulate only the bytes that reach the vulnerable code. I chose the latter in this example: a valid file already passes the parser's sanity checks up to the bug, so fewer fields have to be understood and forged by hand.

Step 1: Find a Sample TiVo Movie File

Note

The website http://samples.mplayerhq.hu/ is a good starting ...
