4.2 Exploitation
To exploit the vulnerability I did the following:
Note: The vulnerability affects all operating system platforms supported by FFmpeg. The platform that I used throughout this chapter was the default installation of Ubuntu Linux 9.04 (32-bit).

Step 1: Find a sample 4X movie file with a valid strk chunk.
Step 2: Learn about the layout of the strk chunk.
Step 3: Manipulate the strk chunk to crash FFmpeg.
Step 4: Manipulate the strk chunk to get control over EIP.
There are different ways to exploit file format bugs. I could either create a file with the right format from scratch or alter an existing file. I chose the latter approach. I used the website http://samples.mplayerhq.hu/ to find a 4X movie file suitable for testing this vulnerability. ...