'[Full-disclosure] Security-Assessment.com Release: Hacking'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-disclosure] Security-Assessment.com Release: Hacking
From:       Nick Freeman <nick.freeman () security-assessment ! com>
Date:       2011-11-29 3:07:15
Message-ID: 4ED44C63.8080207 () security-assessment ! com
[Download RAW message or body]


   (    , )     (,
  .   `.' ) ('.    ',
   ). , ('.   ( ) (
  (_,) .`), ) _ _,
 /  _____/  / _  \    ____  ____   _____
 \____  \==/ /_\  \ _/ ___\/  _ \ /     \
 /       \/   |    \\  \__(  <_> )  Y Y  \
/______  /\___|__  / \___  >____/|__|_|  /
       \/        \/.-.   \/            \/:wq
                    (x.0)
                  '=.|w|.='
                  _='`"``=.

        presents..



Hacking Hollywood: The Slides, The Bugs and The Exploits.

+------------+
> Introduction|
+------------+

At Kiwicon V (https://www.kiwicon.org) and Ruxcon 2011
(http://www.ruxcon.org.au), Nick Freeman presented on Hacking
Hollywood - a half hour feel-good romp through vulnerabilities in
software used during the film making process. This release includes
the slides, advisories and exploits used during the presentation. Enjoy!


+------+
> Slides|
+------+

Slides for the Ruxcon talk are available at the following URL:

http://security-assessment.com/files/documents/presentations/Hacking-Hollywood_Nick-Freeman_Ruxcon2011.pdf



+-----------------------+
> Advisories and Exploits|
+-----------------------+

Final Draft < 8.02 Multiple Stack Buffer Overflows
PDF:
http://security-assessment.com/files/documents/advisory/Final_Draft-Multiple_Stack_Buffer_Overflows.pdf
 TXT:
http://security-assessment.com/files/documents/advisory/Final_Draft-Multiple_Stack_Buffer_Overflows.txt
                
POC: http://security-assessment.com/files/finaldraft8poc.zip
MSF: http://security-assessment.com/files/finaldraft8.rb
NOTE: Tested on v8.01, latest WinXPSP3. No DEP bypass - dodgy PoC.

StoryBoard Quick 6 Stack Buffer Overflow (unpatched)
PDF:
http://www.security-assessment.com/files/documents/advisory/Storyboard_Quick6-Stack_Buffer_Overflow.pdf
 TXT:
http://www.security-assessment.com/files/documents/advisory/Storyboard_Quick6-Stack_Buffer_Overflow.txt
                
POC: http://security-assessment.com/files/storyboardquick6poc.zip
MSF: http://security-assessment.com/files/storyboardquick6.rb
NOTE: Tested on latest WinXPSP3. No DEP bypass - dodgy PoC.

Muster Render Farm Management System < 6.20 Arbitrary File Download
PDF:
http://security-assessment.com/files/documents/advisory/Muster-Arbitrary_File_Download.pdf
TXT:
http://security-assessment.com/files/documents/advisory/Muster-Arbitrary_File_Download.txt
NOTE: Exploit in advisory.

AvidPhoneticIndexer (Avid Media Composer <= 5.5.3) Remote Stack Buffer
Overflow (unpatched)
PDF:
http://www.security-assessment.com/files/documents/advisory/Avid_Media_Composer-Phonetic_Indexer-Remote_Stack_Buffer_Overflow.pdf
 TXT:
http://www.security-assessment.com/files/documents/advisory/Avid_Media_Composer-Phonetic_Indexer-Remote_Stack_Buffer_Overflow.txt
                
MSF: http://security-assessment.com/files/avid_phonetic_indexer.rb
NOTE: WinXPSP3 Only, using Sayonara ROP chain (thanks WP!). Sometimes
this service starts on a different port, decreasing from 4660 (usually
starts on 4659)


+-------+
> Contact|
+-------+

Email: nick.freeman@security-assessment.com
Twitter: @0x7674
Web: http://security-assessment.com

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic