O'Reilly logo

A Bug Hunter's Diary by Tobias Klein

Stay ahead with the world's most comprehensive technology and business learning platform.

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, tutorials, and more.

Start Free Trial

No credit card required

2.2 Exploitation

To exploit the vulnerability, I performed the following steps:

  • Step 1: Find a sample TiVo movie file.

  • Step 2: Find a code path to reach the vulnerable code.

  • Step 3: Manipulate the TiVo movie file to crash VLC.

  • Step 4: Manipulate the TiVo movie file to gain control of EIP.

Overview of the vulnerability from input to stack buffer overflow

Figure 2-2. Overview of the vulnerability from input to stack buffer overflow

There’s more than one way to exploit a file-format bug. You can create a file with the right format from scratch, or you can manipulate a valid preexisting file. I chose the latter in this example.

Step 1: Find a Sample TiVo Movie File

Note

The website http://samples.mplayerhq.hu/ is a good starting ...

With Safari, you learn the way you learn best. Get unlimited access to videos, live online training, learning paths, books, interactive tutorials, and more.

Start Free Trial

No credit card required