Vulnerability & Exploit Database

Back to search

X360 VideoPlayer ActiveX Control Buffer Overflow

This module exploits a buffer overflow in the VideoPlayer.ocx ActiveX installed with the X360 Software. By setting an overly long value to 'ConvertFile()', an attacker can overrun a .data buffer to bypass ASLR/DEP and finally execute arbitrary code.

Free Metasploit Download

Get your copy of the world's leading penetration testing tool

 Download Now

Module Name

exploit/windows/browser/x360_video_player_set_text_bof

Authors

  • Rh0
  • juan vazquez <juan.vazquez [at] metasploit.com>

References

Targets

  • Automatic

Platforms

  • windows

Architectures

  • x86

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/windows/browser/x360_video_player_set_text_bof msf exploit(x360_video_player_set_text_bof) > show targets ...targets... msf exploit(x360_video_player_set_text_bof) > set TARGET <target-id> msf exploit(x360_video_player_set_text_bof) > show options ...show and set options... msf exploit(x360_video_player_set_text_bof) > exploit