To exploit the vulnerability, I performed the following steps:
Step 1: Find a sample TiVo movie file.
Step 2: Find a code path to reach the vulnerable code.
Step 3: Manipulate the TiVo movie file to crash VLC.
Step 4: Manipulate the TiVo movie file to gain control of
Figure 2-2. Overview of the vulnerability from input to stack buffer overflow
There’s more than one way to exploit a file-format bug. You can create a file with the right format from scratch, or you can manipulate a valid preexisting file. I chose the latter in this example.
Step 1: Find a Sample TiVo Movie File
The website http://samples.mplayerhq.hu/ is a good starting ...