2.2 Exploitation
To exploit the vulnerability, I performed the following steps:
Step 1: Find a sample TiVo movie file.
Step 2: Find a code path to reach the vulnerable code.
Step 3: Manipulate the TiVo movie file to crash VLC.
Step 4: Manipulate the TiVo movie file to gain control of EIP.
Figure 2-2. Overview of the vulnerability from input to stack buffer overflow
There’s more than one way to exploit a file-format bug. You can create a file with the right format from scratch, or you can manipulate a valid preexisting file. I chose the latter in this example.
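The path Figure 2-2 sketches, from a length field in the input to a stack buffer overflow, in its generic form. This is an added example, not code from the book or from VLC: the record layout (a 4-byte little-endian length followed by the payload), the buffer size, and the function names are assumptions made for illustration. The unsafe parser trusts the length field and copies into a fixed stack buffer; the hardened one bounds the length against both the buffer and the bytes actually present, which is the check that turns steps 3 and 4 into a clean parse error instead of a crash.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical record layout (an assumption for this example, not the real
 * TiVo format): 4-byte little-endian payload length, then the payload. */
#define HDR_LEN     4
#define PAYLOAD_MAX 16

enum parse_status { PARSE_OK = 0, PARSE_TRUNCATED = 1, PARSE_TOO_LARGE = 2 };

static uint32_t read_le32(const uint8_t *p) {
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Stand-in for "do something with the payload": a byte sum. */
static uint32_t checksum(const uint8_t *b, size_t n) {
    uint32_t s = 0;
    for (size_t i = 0; i < n; i++) s += b[i];
    return s;
}

/* The unsafe pattern: the length from the file drives a memcpy into a
 * fixed-size stack buffer with no comparison against PAYLOAD_MAX. A record
 * whose length field exceeds 16 writes past payload[] onto the saved frame,
 * which is the stack buffer overflow Figure 2-2 ends in. Kept here only for
 * comparison; never feed it untrusted input. */
static uint32_t parse_chunk_unsafe(const uint8_t *rec, size_t rec_len) {
    uint8_t payload[PAYLOAD_MAX];
    if (rec_len < HDR_LEN) return 0;
    uint32_t n = read_le32(rec);
    memcpy(payload, rec + HDR_LEN, n);   /* n is never bounded */
    return checksum(payload, n);
}

/* Hardened form: the length field is validated against the destination
 * buffer and against the bytes actually present before any copy happens. */
static int parse_chunk_safe(const uint8_t *rec, size_t rec_len, uint32_t *sum_out) {
    uint8_t payload[PAYLOAD_MAX];
    if (rec_len < HDR_LEN) return PARSE_TRUNCATED;
    uint32_t n = read_le32(rec);
    if (n > PAYLOAD_MAX) return PARSE_TOO_LARGE;       /* would overflow payload[] */
    if (n > rec_len - HDR_LEN) return PARSE_TRUNCATED; /* would read past the record */
    memcpy(payload, rec + HDR_LEN, n);
    *sum_out = checksum(payload, n);
    return PARSE_OK;
}

/* Constructed sample records (not taken from any real file). */
static const uint8_t REC_VALID[]     = { 0x04, 0, 0, 0, 'T', 'i', 'V', 'o' };
static const uint8_t REC_OVERSIZED[] = { 0x40, 0, 0, 0, 'A', 'A', 'A', 'A' }; /* claims 64 bytes */
static const uint8_t REC_SHORT[]     = { 0x08, 0, 0, 0, 'a', 'b' };           /* claims 8, has 2 */

int main(void) {
    uint32_t sum = 0;
    printf("unsafe, valid record: sum=%u\n", parse_chunk_unsafe(REC_VALID, sizeof REC_VALID));
    printf("safe, valid record: status=%d sum=%u\n",
           parse_chunk_safe(REC_VALID, sizeof REC_VALID, &sum), sum);
    printf("safe, oversized length: status=%d\n",
           parse_chunk_safe(REC_OVERSIZED, sizeof REC_OVERSIZED, &sum));
    printf("safe, truncated record: status=%d\n",
           parse_chunk_safe(REC_SHORT, sizeof REC_SHORT, &sum));
    return 0;
}
```

The ordering of the two checks matters: comparing the length against the record size first would still let a length of, say, 20 through on a 24-byte record and overflow the 16-byte buffer, so the buffer bound is tested first and the record bound second.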
Step 1: Find a Sample TiVo Movie File
Note
The website http://samples.mplayerhq.hu/ is a good starting ...