4.2 Exploitation

To exploit the vulnerability I did the following:

Note

The vulnerability affects all operating system platforms supported by FFmpeg. The platform that I used throughout this chapter was the default installation of Ubuntu Linux 9.04 (32-bit).

  • Step 1: Find a sample 4X movie file with a valid strk chunk.

  • Step 2: Learn about the layout of the strk chunk.

  • Step 3: Manipulate the strk chunk to crash FFmpeg.

  • Step 4: Manipulate the strk chunk to get control over EIP.

There are different ways to exploit file format bugs. I could either create a file with the right format from scratch or alter an existing file. I chose the latter approach. I used the website http://samples.mplayerhq.hu/ to find a 4X movie file suitable for testing this vulnerability. ...

Get A Bug Hunter's Diary now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.