[H3R3T1C]

this is an example of a FLV video being able to crash the browser

This video may crash your browser.
[youtube=425,350]ULzxwmV5QgI[/youtube]

Make sure to read this! it will tell you how it works!: http://www.mindedsecurity.com/en/lab...es/MSA01110707

[Pirate]

Embedded video for you.

Code:

[youtube=425,350]ULzxwmV5QgI[/youtube]

[Ps3Rips]

I love this exploit, its really nice and not that difficult to exploit (not saying the running of remote code on the ps3 is going to be easy but the basic exploit code changing the header info on a flv is easy to write using a hexeditor)

[H3R3T1C]

video of it in action
[youtube=425,350]seZYSor_7T8[/youtube]

[Ps3Rips]

Same thing that happens on the Wii also happens on the Netfront browser on Ps3

[Core-TX]

BoF exploitation on PPC architecture is a ****load different then on i386 architecture...
Besides, this is going on for SO long, and I have not seen a single PoC with a payload or what so ever :-\

[H3R3T1C]

i was taking a break form writing my program so i decided to make this little video:
http://stage6.divx.com/user/h3r3t1c/...r-OverFlow-POC

[Ps3Rips]

Originally Posted by Core-TX BoF exploitation on PPC architecture is a ****load different then on i386 architecture... Besides, this is going on for SO long, and I have not seen a single PoC with a payload or what so ever :-\

Going on for so long?, I think you mean the other flash exploit that was for opera browser and the WIii integrated flash player. This exploit was only made public last week.

[Core-TX]

Then explain to me why it is crashing XMB browser, below version 1.90

[Ps3Rips]

The eror is in the Adobe flash player built into the ps3 firmware. The flash player has never been updated since the release of the ps3 (at least not on Euro machines (firmware 1.50-1.90)

The error has existed for ages but only discovered about a week or two ago. So all ps3's on all firmwares will crash. But this doens't mean the exploit has been known about for ages.