CVE-2015-3864 PoC: Android mediaserver component numeric error vulnerability

Source
Associated Vulnerability
Title: Android mediaserver component numeric error vulnerability (CVE-2015-3864)
Description:Integer underflow in the MPEG4Extractor::parseChunk function in MPEG4Extractor.cpp in libstagefright in mediaserver in Android before 5.1.1 LMY48M allows remote attackers to execute arbitrary code via crafted MPEG-4 data, aka internal bug 23034759. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-3824.
Description
Python script to generate a malicious MP4 file and start a CherryPy web server hosting a simple HTML page with the embedded file.  Exploits another Stagefright vulnerability, the integer overflow (CVE-2015-3864).
Readme
## SCAREDYCAT! version 0.1 beta

Python script to generate a malicious MP4 file 
and start a web server hosting a page with the
embedded 'video' file on port 8080.

This exploits another Stagefright vulnerability,
the integer overflow vulnerability (CVE-2015-3864),
published by Exodus Intelligence.

### author: vvn (eudemonics) <root [at] nobody [dot] ninja>
### built upon original exploit code from Google for CVE-2015-3864

#### usage: scaredycat.py [-h] [-p PAYLOAD] [-v] [libcfile]

optional arguments:

    libcfile              path to libc.so file (usually in /system/lib on
                          android devices). one is included in the repo.
    -h, --help            show this help message and exit
    -p PAYLOAD, --payload PAYLOAD
                          path to shellcode/payload to be injected into mp4 file.
                          a generic one created by meterpreter is included.
    -v, --version         version information
File Snapshot

[4.0K] /data/pocs/c2e8b46da96ef3d09ecb0c9801020670c5eef401
├── [578K] libc.so
├── [ 956] README.md
├── [ 14K] scaredycat.py
├── [ 15K] scaredycat.py.asc
└── [8.6K] shellcode.bin

0 directories, 5 files